| dtwlukf.com/css/css.css | 172.67.155.65 | | 1.9 kB |
IP: 172.67.155.65:0
File type: ASCII text, with very long lines (584)
Hash (MD5): 0eed404cda0f5a8445205850d0658861
Hash (SHA-1): acf518d7d3f7877751a5073d204b17a07d509c77
Hash (SHA-256): d72cf2028706c351797023ac7f7be5fd7b85d8886bf860ea3dcf4fe4fc93dff6
GET /css/css.css HTTP/1.1
Host: dtwlukf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dtwlukf.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 15:56:48 GMT
content-type: text/css
last-modified: Fri, 15 Mar 2024 03:31:37 GMT
vary: Accept-Encoding
etag: W/"65f3c119-1648"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i2upXGQvxuhYl14v8R8c3ec1yw9EbCJVe43deewsCjYo%2BuJCiFPAJ6zWKSS%2BlyAblFKD8PdlK8BPOLBeDUht8wF8qKhNni8UICvizLnnpZ7KhYvZT2Ommfd8WtHXjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e9aed0be8756ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| www.googletagmanager.com/gtag/js?id=G-EF3MMFMF5C | 142.250.74.168 | | 103 kB |
URL: www.googletagmanager.com/gtag/js?id=G-EF3MMFMF5C
IP: 142.250.74.168:0
File type: JavaScript source, ASCII text, with very long lines (5955)
Size: 103 kB (102760 bytes)
Hash (MD5): af4d07a83254a8048c9b5048a4fa00a3
Hash (SHA-1): e81b9d6fc61b02282991437170bf8fb0da6af020
Hash (SHA-256): 06d6fc1b2d71b0097f908103b74c1632b2d4a307fd337d16385638e21faea790
GET /gtag/js?id=G-EF3MMFMF5C HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://v8.furxcrw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 15:56:56 GMT
expires: Sat, 04 May 2024 15:56:56 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 102760
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| 1wnurc.com/core-js/3.33.3/minified.js | 190.115.24.78 | 200 OK | 74 kB |
URL: 1wnurc.com/core-js/3.33.3/minified.js (GET, HTTP/2)
IP: 190.115.24.78:443
Certificate: issuer Let's Encrypt; subject 1wnurc.com; SHA-1 fingerprint 29:8A:BB:7C:EB:85:87:ED:E9:21:DE:1E:36:30:4D:27:BF:70:F2:01; valid Fri, 03 May 2024 09:17:12 GMT - Thu, 01 Aug 2024 09:17:11 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (31999)
Hash (MD5): 38facf849f100d0fe6269a53a7bca451
Hash (SHA-1): 9bb69f981438d48b093bd1eb673885476b4932f0
Hash (SHA-256): ce68e1614ab493deaecfa6eb9711736de0348248e1d559b5f6dfb5dc4c29b459
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /core-js/3.33.3/minified.js HTTP/1.1
Host: 1wnurc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __ddg1_=nvZI7ibdzPCQdh23MAo3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Tue, 09 Apr 2024 12:18:36 GMT
content-type: application/javascript
last-modified: Tue, 09 Apr 2024 10:12:46 GMT
etag: W/"6615149e-3b989"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 2173101
content-length: 74162
ddg-cache-status: HIT
X-Firefox-Spdy: h2

| 1wnurc.com/img/logo/main/1win-normal.svg | 190.115.24.78 | 200 OK | 1.5 kB |
URL: 1wnurc.com/img/logo/main/1win-normal.svg (GET, HTTP/2)
IP: 190.115.24.78:443
Certificate: issuer Let's Encrypt; subject 1wnurc.com; SHA-1 fingerprint 29:8A:BB:7C:EB:85:87:ED:E9:21:DE:1E:36:30:4D:27:BF:70:F2:01; valid Fri, 03 May 2024 09:17:12 GMT - Thu, 01 Aug 2024 09:17:11 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5): 0a5e2aff3499f587617337c0add83e72
Hash (SHA-1): c713ec3dbfd744114ba3b9cbf7b9ce3d40fbd8a4
Hash (SHA-256): a5cb3d03f299b837679eaa793491a03acc5fc1afdbc7f207b7566646f3bd2ecb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/logo/main/1win-normal.svg HTTP/1.1
Host: 1wnurc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __ddg1_=nvZI7ibdzPCQdh23MAo3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Tue, 09 Apr 2024 12:19:38 GMT
content-type: image/svg+xml
last-modified: Tue, 09 Apr 2024 10:12:46 GMT
etag: W/"6615149e-1221"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
content-encoding: br
vary: Accept-Encoding
age: 2173039
content-length: 1474
ddg-cache-status: HIT
X-Firefox-Spdy: h2

| 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2 | 154.197.121.128 | 200 OK | 33 kB |
URL: 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2 (GET, HTTP/2)
IP: 154.197.121.128:443 (AS328608, Africa-on-Cloud-AS)
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; SHA-1 fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: Web Open Font Format (Version 2), TrueType, length 33064, version 1.0
Hash (MD5): de175cbf569bb3ccf1f761c845cbd896
Hash (SHA-1): 8d93663b858bae157ba5fc40e1400177104d71bd
Hash (SHA-256): df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wnurc.com/
Origin: https://1wnurc.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:57 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: "660d5374-8128"
expires: Tue, 02 May 2034 15:56:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 338919
accept-ranges: bytes
set-cookie: __cf_bm=iTa22gtyvI6GsVYlh7TeUwDnKEBqlO0SqXLGVl16boo-1714838217-1.0.1.1-TrHfb49wpZ6BXvOhziHq5efwRZQ.RZeB0Ek1hMwfW60yFB4cnAhOxfc003I0NEHB6aG_7f123eg94f5t5Up8.w; path=/; expires=Sat, 04-May-24 16:26:57 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af08aca7569f-OSL
X-Firefox-Spdy: h2

| dtwlukf.com/css/style.css | 172.67.155.65 | | 188 kB |
URL: dtwlukf.com/css/style.css
IP: 172.67.155.65:0
File type: Unicode text, UTF-8 text, with very long lines (341)
Size: 188 kB (188519 bytes)
Hash (MD5): f27e98f12ce23b7dfb7b4f0dc05e8ac2
Hash (SHA-1): b67af3de1d596922220e6ff9fc226c7c41f7ab50
Hash (SHA-256): a140051b776673ee24cdbd9bb73f7210b3bf70b1e5f8640527e6437e349b78c3
GET /css/style.css HTTP/1.1
Host: dtwlukf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dtwlukf.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 15:56:49 GMT
content-type: text/css
last-modified: Fri, 15 Mar 2024 03:31:37 GMT
vary: Accept-Encoding
etag: W/"65f3c119-9106"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iiguv0jocecAF9ZjiOGiqr8Uj3l7ellA33C3m7FlZ2Dkc0s%2BRUmqRgtkZp6jZX2F2MhypKM3qGF6waoGgKMFdQJSLwbwGkZSEqjFwd8cXIO5ZTI7VsOIe8nhauyeQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e9aed0be8956ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| 1win-cdn.com/js/chunk-common.9a0de7d23.js | 154.197.121.128 | 200 OK | 57 kB |
URL: 1win-cdn.com/js/chunk-common.9a0de7d23.js (GET, HTTP/2)
IP: 154.197.121.128:443 (AS328608, Africa-on-Cloud-AS)
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; SHA-1 fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65526), with no line terminators
Hash (MD5): 328167dfc2e2d1c6e591611d2011e76c
Hash (SHA-1): 46d4715f72e79fb5a56cc8a9218e335a74e2a710
Hash (SHA-256): ef431e25f8b3897189cccad3d14a811b800acb943d958d263686352accdaf672
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-common.9a0de7d23.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 08:45:03 GMT
etag: W/"6634a40f-2b41a"
expires: Tue, 02 May 2034 15:56:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 111162
set-cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA; path=/; expires=Sat, 04-May-24 16:26:57 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af08baa37131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| dtwlukf.com/js/jquery.infinitescroll.js | 172.67.155.65 | | 15 kB |
URL: dtwlukf.com/js/jquery.infinitescroll.js
IP: 172.67.155.65:0
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (10465)
Hash (MD5): ca8713cc49a4ba8334f7d48219ab138d
Hash (SHA-1): 4337a0aea4b94d337f1259807e83ccb951770195
Hash (SHA-256): 2fd9184c2ab8590039fcfedd04a068c7b265664a465a993953f9b70e1140bd17
GET /js/jquery.infinitescroll.js HTTP/1.1
Host: dtwlukf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dtwlukf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 15:56:51 GMT
content-type: application/javascript
last-modified: Fri, 15 Mar 2024 03:31:37 GMT
etag: W/"65f3c119-9256"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BZDk2NF9EHXhqTTePko53XkVriT4J9xeDOoZO9%2Fgx0JDS1FAAi4WYHKTiuIYIAZSvGkqBJ6TMRHRYl%2FUH0pnQlPLckH8ohY3dQoDtG2GZbgxEChc89TEnEq7qe8WKA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9aed0cea156ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| dtwlukf.com/js/jquery-1.8.3.min.js | 172.67.155.65 | | 79 kB |
URL: dtwlukf.com/js/jquery-1.8.3.min.js
IP: 172.67.155.65:0
File type: JavaScript source, ASCII text, with very long lines (65482), with CRLF line terminators
Hash (MD5): e1288116312e4728f98923c79b034b67
Hash (SHA-1): 8b6babff47b8a9793f37036fd1b1a3ad41d38423
Hash (SHA-256): ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32
GET /js/jquery-1.8.3.min.js HTTP/1.1
Host: dtwlukf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dtwlukf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 15:56:54 GMT
content-type: application/javascript
last-modified: Fri, 15 Mar 2024 03:31:37 GMT
etag: W/"65f3c119-16dc5"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6K1lpa0nZLY2jVq6c2sUFaWiWd1kWL1EQ6jfDVgbnz6UU%2FFY0bLuoW4mbc6pqM4pf%2FiUXOGzmvtMxd37EdHr40V3Y40J5xWtbF5ecddawg292ihqZC%2BEiPiM3VFHgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9aed0ce9b56ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| 1wnurc.com/affiliate:link_visit?partner_key=ygid&sub_ids=undefined | 190.115.24.78 | 200 OK | 394 B |
URL: 1wnurc.com/affiliate:link_visit?partner_key=ygid&sub_ids=undefined (GET, HTTP/2)
IP: 190.115.24.78:443
Certificate: issuer Let's Encrypt; subject 1wnurc.com; SHA-1 fingerprint 29:8A:BB:7C:EB:85:87:ED:E9:21:DE:1E:36:30:4D:27:BF:70:F2:01; valid Fri, 03 May 2024 09:17:12 GMT - Thu, 01 Aug 2024 09:17:11 GMT
File type: gzip compressed data, from Unix
Hash (MD5): 6343828acd97e18ffee68f5a7a85074e
Hash (SHA-1): b19a97a91fc4c6446ad1ac88c1da25c22db0f673
Hash (SHA-256): 071bd2ea8f654dfbe84ec1e08076493cddf7f9e059c188c6915a87be6cc71a1a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /affiliate:link_visit?partner_key=ygid&sub_ids=undefined HTTP/1.1
Host: 1wnurc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wnurc.com/
DNT: 1
Connection: keep-alive
Cookie: __ddg1_=nvZI7ibdzPCQdh23MAo3; partner_key=ygid; visit_domain=1wnurc.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Sat, 04 May 2024 15:56:57 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
set-cookie: core-sticky=http://10.233.80.195:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
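
The affiliate:link_visit response above combines several weaknesses a reviewer would flag at once. Access-Control-Allow-Origin is the literal string undefined next to Access-Control-Allow-Credentials: true; the request was a same-origin GET and carried no Origin header, and "undefined" is what an Express handler emits when it copies req.headers.origin into the response without validating it, so the allowed origin is being reflected rather than checked. The core-sticky cookie exposes a backend address in the 10.0.0.0/8 range and is set without Secure. X-Frame-Options uses the obsolete ALLOW-FROM form (which took a single URI and which no current browser honours) with a list of hosts, so it provides no framing protection. x-powered-by names the framework. The block below is an added example, not code from the page or from the site operator: it parses a raw response header block and reports those conditions, using the captured headers (ALLOW-FROM list abridged) as a constructed sample and a hypothetical hardened variant for comparison.

```python
"""Audit a captured HTTP response header block for the weaknesses visible in the
1wnurc.com /affiliate:link_visit response (added example, not the site's code)."""
import ipaddress
import re

# Constructed sample: the response headers captured for GET /affiliate:link_visit.
# The X-Frame-Options host list is abridged to its first entries.
SAMPLE_RESPONSE = """\
HTTP/2 200 OK
server: ddos-guard
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
set-cookie: core-sticky=http://10.233.80.195:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work, ALLOW-FROM 1win-partner.com
"""

# Constructed hardened counterpart (assumed, not observed on the page): one
# allow-listed origin with Vary: Origin, an opaque sticky id like the one
# 1win.direct sets, Secure/SameSite on the cookie, and SAMEORIGIN framing.
HARDENED_RESPONSE = """\
HTTP/2 200 OK
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-origin: https://1wnurc.com
vary: Origin
set-cookie: core-sticky=1727b18126aa5ee2; Path=/; HttpOnly; Secure; SameSite=Lax
x-frame-options: SAMEORIGIN
"""

IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_headers(raw):
    """Split a raw response into (status_line, [(name, value), ...]).
    Names are lower-cased; repeated headers such as Set-Cookie are all kept."""
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def parse_set_cookie(value):
    """Return (name, value, {attribute_lower: attribute_value}) for one Set-Cookie."""
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, attr_val = part.partition("=")
        attrs[key.strip().lower()] = attr_val.strip()
    return name, val, attrs


def audit(raw):
    """Return a list of (code, detail) findings for a raw response header block."""
    _, headers = parse_headers(raw)
    single = dict(headers)  # last value wins; fine for the singleton headers used here
    findings = []

    acao = single.get("access-control-allow-origin")
    creds = single.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "undefined":
        # JavaScript's stringified missing value: the handler echoes the request's
        # Origin header (absent on a same-origin GET) instead of checking an allow-list.
        findings.append(("CORS_ORIGIN_REFLECTED",
                         "allow-origin is the literal 'undefined'; origin is echoed unchecked"))
    if creds and acao in ("*", "null", "undefined"):
        findings.append(("CORS_CREDENTIALS_WITH_WEAK_ORIGIN",
                         f"allow-credentials=true with allow-origin={acao!r}"))

    xfo = single.get("x-frame-options", "")
    if xfo and xfo.upper() not in ("DENY", "SAMEORIGIN"):
        # ALLOW-FROM is obsolete and ignored by current browsers: no clickjacking
        # protection results from it, whatever hosts are listed.
        findings.append(("XFO_INEFFECTIVE", f"x-frame-options={xfo[:40]!r}..."))

    for name, value in headers:
        if name != "set-cookie":
            continue
        cname, cval, attrs = parse_set_cookie(value)
        for candidate in IPV4_RE.findall(cval):
            try:
                if ipaddress.ip_address(candidate).is_private:
                    findings.append(("COOKIE_LEAKS_INTERNAL_ADDRESS",
                                     f"{cname} carries backend address {candidate}"))
            except ValueError:
                pass  # digits that are not a valid address
        if "secure" not in attrs:
            findings.append(("COOKIE_WITHOUT_SECURE", f"{cname} lacks the Secure attribute"))

    if "x-powered-by" in single:
        findings.append(("STACK_DISCLOSURE", f"x-powered-by={single['x-powered-by']!r}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_RESPONSE):
        print(f"{code:36s} {detail}")
    print("hardened:", audit(HARDENED_RESPONSE))
```

The reflected-origin finding is an inference from the literal "undefined"; confirm it by replaying the request with an Origin header for a domain you control and checking whether that value comes back. If partner hosts genuinely need to frame the page, the working replacement for ALLOW-FROM is a Content-Security-Policy frame-ancestors directive listing them.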

| 1win-cdn.com/js/44881.08b617166.js | 154.197.121.128 | 200 OK | 123 kB |
URL: 1win-cdn.com/js/44881.08b617166.js (GET, HTTP/2)
IP: 154.197.121.128:443 (AS328608, Africa-on-Cloud-AS)
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; SHA-1 fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Size: 123 kB (122707 bytes)
Hash (MD5): e0d627b5b5efb985d983582f5edc9096
Hash (SHA-1): 1258f69acb10529e9f930c9a3439b85ffb8c2144
Hash (SHA-256): 78ec230f9aeca68d9d422508635bcace43f0f08a861538758dcab9909ad763b2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/44881.08b617166.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-66062"
expires: Tue, 02 May 2034 15:56:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 87520
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af0b2e517131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win.direct/v4/socket.io/?Language=en&xorigin=1wnurc.com&EIO=4&transport=websocket | 134.122.54.186 | | 0 B |
URL: 1win.direct/v4/socket.io/?Language=en&xorigin=1wnurc.com&EIO=4&transport=websocket
IP: 134.122.54.186:0 (AS14061, DIGITALOCEAN-ASN)
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of empty input: the 101 upgrade response below carries no body, and the WebSocket frames that followed are not part of this capture.)
GET /v4/socket.io/?Language=en&xorigin=1wnurc.com&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wnurc.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wkpTw5UCFcq2S5TKOXnMNA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: 7a2QFQJVfTe/1N3GwuzRQ4+sH0M=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=1727b18126aa5ee2; Path=/; HttpOnly
Upgrade: websocket

| 1wnurc.com/firebase/8.1.1/firebase-app.js | 190.115.24.78 | 200 OK | 6.6 kB |
URL: 1wnurc.com/firebase/8.1.1/firebase-app.js (GET, HTTP/2)
IP: 190.115.24.78:443
Certificate: issuer Let's Encrypt; subject 1wnurc.com; SHA-1 fingerprint 29:8A:BB:7C:EB:85:87:ED:E9:21:DE:1E:36:30:4D:27:BF:70:F2:01; valid Fri, 03 May 2024 09:17:12 GMT - Thu, 01 Aug 2024 09:17:11 GMT
File type: JavaScript source, ASCII text, with very long lines (19927)
Hash (MD5): 5b9dcee25dd464bbf914b48e05e770c7
Hash (SHA-1): 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533
Hash (SHA-256): 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wnurc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __ddg1_=nvZI7ibdzPCQdh23MAo3; partner_key=ygid; visit_domain=1wnurc.com; core-sticky=http://10.233.80.195:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI4MGViZGMyNy02MzVhLTQxZTQtYmY1MS03MzY2OGNkYTY5YTIlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE0ODM4MjE3NzI5JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNDgzODIxNzc3MSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTIycmVmZXJyZXIlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnY4LmZ1cnhjcncuY29tJTJGJTIyJTJDJTIycmVmZXJyaW5nX2RvbWFpbiUyMiUzQSUyMnY4LmZ1cnhjcncuY29tJTIyJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Tue, 09 Apr 2024 12:19:40 GMT
content-type: application/javascript
last-modified: Tue, 09 Apr 2024 10:12:46 GMT
etag: W/"6615149e-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 2173038
content-length: 6578
ddg-cache-status: HIT
X-Firefox-Spdy: h2
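
The Cookie header the browser sent with this firebase-app.js request carries two Amplitude-style analytics cookies, AMP_494cccfe21 and AMP_MKTG_494cccfe21, whose values are base64 over percent-encoded JSON. Decoding them recovers the referrer the landing page recorded for itself, which ties the 1wnurc.com visit back to v8.furxcrw.com: the host that dtwlukf.com/js/autosize.js 301-redirects to below, and the Referer seen on the gtag.js request earlier in the capture. The block below is an added example, not code from the page or from the site operator; the cookie string is copied verbatim from the capture, the two-layer encoding is inferred from the decoded value rather than taken from any SDK documentation, and the summarize() field names are my own.

```python
"""Decode the AMP_* cookies from the captured Cookie header and summarize the
referrer chain they record (added example, not the site's code)."""
import base64
import json
from datetime import datetime, timezone
from urllib.parse import unquote

# Constructed sample: the Cookie request header captured above, verbatim.
COOKIE_HEADER = (
    "__ddg1_=nvZI7ibdzPCQdh23MAo3; partner_key=ygid; visit_domain=1wnurc.com; "
    "core-sticky=http://10.233.80.195:80; 1w_lang=en; 1w_locale=1; "
    "AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI4MGViZGMyNy02MzVhLTQxZTQtYmY1MS03"
    "MzY2OGNkYTY5YTIlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE0ODM4MjE3NzI5JTJDJTIyb3B0T3V0"
    "JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNDgzODIxNzc3MSUyQyUyMmxhc3RF"
    "dmVudElkJTIyJTNBMCU3RA==; "
    "AMP_MKTG_494cccfe21=JTdCJTIycmVmZXJyZXIlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnY4LmZ1cnhj"
    "cncuY29tJTJGJTIyJTJDJTIycmVmZXJyaW5nX2RvbWFpbiUyMiUzQSUyMnY4LmZ1cnhjcncuY29tJTIy"
    "JTdE"
)


def parse_cookie_header(header):
    """Split 'a=1; b=2' into a dict; only the first '=' separates name from value,
    so values that themselves contain '=' (base64 padding) survive intact."""
    cookies = {}
    for pair in header.split(";"):
        pair = pair.strip()
        if not pair:
            continue
        name, _, value = pair.partition("=")
        cookies[name] = value
    return cookies


def decode_amp_value(value):
    """AMP_* values are base64(percent-encode(JSON)); undo both layers."""
    padded = value + "=" * (-len(value) % 4)  # tolerate stripped padding
    percent_encoded = base64.b64decode(padded).decode("ascii")
    return json.loads(unquote(percent_encoded))


def decode_amp_cookies(header):
    """Return {cookie_name: decoded_json} for every AMP_* cookie in the header."""
    return {name: decode_amp_value(value)
            for name, value in parse_cookie_header(header).items()
            if name.startswith("AMP_")}


def session_start_utc(amp_session):
    """sessionId is a millisecond epoch; render it as an ISO-8601 UTC timestamp."""
    ts = datetime.fromtimestamp(amp_session["sessionId"] / 1000, tz=timezone.utc)
    return ts.strftime("%Y-%m-%dT%H:%M:%SZ")


def summarize(header):
    """Pull the attribution fields an analyst wants out of the whole Cookie header."""
    cookies = parse_cookie_header(header)
    amp = decode_amp_cookies(header)
    mktg = next(v for n, v in amp.items() if n.startswith("AMP_MKTG_"))
    session = next(v for n, v in amp.items() if not n.startswith("AMP_MKTG_"))
    return {
        "landing_domain": cookies.get("visit_domain"),
        "partner_key": cookies.get("partner_key"),
        "referrer": mktg.get("referrer"),
        "referring_domain": mktg.get("referring_domain"),
        "device_id": session.get("deviceId"),
        "session_start": session_start_utc(session),
    }


if __name__ == "__main__":
    for key, value in summarize(COOKIE_HEADER).items():
        print(f"{key:18s} {value}")
```

The decoded session start matches the date headers on the surrounding responses, which is a useful cross-check that the cookie was minted during this scan and not carried over from an earlier visit.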

| dtwlukf.com/js/autosize.js | 172.67.155.65 | | 23 kB |
URL: dtwlukf.com/js/autosize.js
IP: 172.67.155.65:0
Hash (MD5): 2f48e883cbb6710b8923795dcd961b1b
Hash (SHA-1): e513ab50cfa197d5f1f1a8b2af049e00d7c089f3
Hash (SHA-256): 4351cfc75e306c16ea7f50e4ad034505d0e6c6a69eb3059c27625360970e60af
GET /js/autosize.js HTTP/1.1
Host: dtwlukf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dtwlukf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sat, 04 May 2024 15:56:48 GMT
content-type: text/html
location: https://v8.furxcrw.com
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FLivQNtnJWvmh8QZMHVvcd%2Fij201LoMJ3Xg%2BaltiB5ufnvvhEEp64%2BnpavDd%2FvgA6WzJwOdpNi9gV%2FzyU%2BMHHGkmSO6HLiKgIFnr4%2BDn8pLgD1xqYmelvn9vy1pCWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9aed0deb156ca-OSL
alt-svc: h3=":443"; ma=86400

| 1win-cdn.com/js/68410.33fbe7e58.js | 154.197.121.128 | | 20 kB |
URL: 1win-cdn.com/js/68410.33fbe7e58.js
IP: 154.197.121.128:0 (AS328608, Africa-on-Cloud-AS)
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; SHA-1 fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash (MD5): 90b7e564988dab48efa37a2aa8b8e8c0
Hash (SHA-1): e73a450a9f1f498c52cdbfb3775e2482f1c52712
Hash (SHA-256): 72e03e9d9273e9929c6ea9c00843859dbe1c84f3e03ad92d90011375eddbe0ee
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/68410.33fbe7e58.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-e07c"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 334560
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af0ffd207131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 | 142.250.74.168 | 200 OK | 106 kB |
URL: www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 (GET, HTTP/2)
IP: 142.250.74.168:443
Certificate: issuer Google Trust Services LLC; subject *.google-analytics.com; SHA-1 fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; valid Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (50345)
Size: 106 kB (106292 bytes)
Hash (MD5): 9c0a6423b4077e8e4b86514a3b0bd041
Hash (SHA-1): 5c8933767b9953c66061e55bea4c7e9c9c436c40
Hash (SHA-256): d72bda63887a41a74695334830b6ed88a5d168d3969aaf46467ce693eaebfff8
GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 15:56:58 GMT
expires: Sat, 04 May 2024 15:56:58 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 May 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 106292
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| dtwlukf.com/js/jquery.leanModal.min.js | 172.67.155.65 | | 13 kB |
URL: dtwlukf.com/js/jquery.leanModal.min.js
IP: 172.67.155.65:0
File type: JavaScript source, Unicode text, UTF-8 text
Hash (MD5): 2e1176cd180e6daacbc3fa4b0b841f64
Hash (SHA-1): fc3f3065388fd2550d5d7e9914fa4876b7e3b4b5
Hash (SHA-256): a95ee714c76a3cdd9627cf5af82073210300522b33a217b127acd9426a96efa1
GET /js/jquery.leanModal.min.js HTTP/1.1
Host: dtwlukf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dtwlukf.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 15:56:48 GMT
content-type: application/javascript
last-modified: Fri, 15 Mar 2024 03:31:37 GMT
etag: W/"65f3c119-b41"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LSykUEU3YolZDKT7AJbnKQfFcb%2B0MQWD9scdOfPNUmYad7tLDHXc8KOg9ybPZLwr0UmdTfFMG9DH8%2BtHOjhc%2Btjh4EnVl0%2FBxgA6GrAf1J8SUXJPTHslo66FBQalBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9aed0dea656ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png | 104.21.75.209 | 200 OK | 58 kB |
URL: imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png (GET, HTTP/2)
IP: 104.21.75.209:443
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; SHA-1 fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 363 x 429, 8-bit colormap, non-interlaced
Hash (MD5): f5c26decf32eb643468c81ea9dc51585
Hash (SHA-1): 32f26e84d2cc98f1f932ebba175eb9bb1cb18cfd
Hash (SHA-256): 05bc5fe29e1b5dd0da7faf912adab322dbf0297cb36d5efdb12d64aff4d98ac7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/png
content-length: 58091
cache-control: public, max-age=31536000
content-disposition: inline; filename="cashback.f5a548e68-399.png"
content-security-policy: script-src 'none'
etag: "bYO6A3TkrGzIprX68BfyOBGJEQnSmCYqqMK6NzP2zdM/RIjY2MzExOTVhLWNjOTki"
x-request-id: _aNjZdmyrajc8nPHTFr2D
cf-cache-status: HIT
age: 323584
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9794HzJxpjYOK73zEwPvprAffkBjCd6Vo%2BkbH8JbzLIBJ%2FCVXLQ2neQOg4iQbP67QXrNWlqF%2F0o62S%2FPCO3Icq8a17pBPCsaPMVazfe%2F4B7VSDQvLcZYCE6p4WYsuq%2F8qUiKigszWNY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1219cb56a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png | 154.197.121.128 | 200 OK | 20 kB |
URL: 1win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png (GET, HTTP/2)
IP: 154.197.121.128:443 (AS328608, Africa-on-Cloud-AS)
Certificate: issuer Google Trust Services LLC; subject 1win-cdn.com; SHA-1 fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 600 x 295, 8-bit colormap, non-interlaced
Hash (MD5): b924bd42443557a1ef9d41f043ddf175
Hash (SHA-1): a9db601e2941557cba7e3e688390aa43e8411e2e
Hash (SHA-256): 8103c7873a41f0c2d28c5738b5bfb26bf324123930e0f49f7cf83964211b1def
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/home-poker-banner-bg.daea5f5cb-600.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/png
content-length: 19467
cf-bgj: imgq:100,h2pri
cf-polished: origSize=21524
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-5414"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1208287131-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/js/745.ca3fa56a5.js | 154.197.121.128 | 200 OK | 57 kB |
URL: GET HTTP/2 1win-cdn.com/js/745.ca3fa56a5.js
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hashes: e31e874cb4ebf2bcc1f98a4fb7a7173d cf1cd89195906d6bf02ad54e15ac4e4e5c9e7499 b3860eaf955b25d40ac54e15f4d96327f66939ac6d8f44dee5d66852568833e1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/745.ca3fa56a5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 08:45:03 GMT
etag: W/"6634a40f-5eb8"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 110890
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af100d317131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/8726.6a357273b.js | 154.197.121.128 | 200 OK | 7.4 kB |
URL: GET HTTP/2 1win-cdn.com/js/8726.6a357273b.js
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hashes: 4f628d6129e8ca0a1af51378aeff5f8e c27cf58e56db00a4bddcd96bdb8ce14a26d41bb0 2f5cefc96b0c36f4e428453e1d381b321348c9091077fd1968f7a6130e64a8d6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/8726.6a357273b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-298"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 335862
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af12486f7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2 | 154.197.121.128 | 200 OK | 17 kB |
URL: GET HTTP/2 1win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: Web Open Font Format (Version 2), TrueType, length 16852, version 1.0
Hashes: c4f31a30bdf4dbced79fb75fc03111cf 14765799051deb933539e19f1ffa26198cabd4c1 cded98e2b95ccbf34690d20e4d466e2457d754f960b819d052d188dae2c9e9fc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSDisplay-cyrillic.e423f3776.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1wnurc.com
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/octet-stream
content-length: 16852
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: "660d5374-41d4"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 334559
accept-ranges: bytes
set-cookie: __cf_bm=5hXx09G3hgudN6ahECVdCNhqeGbWG0SQNQ1.bmWgAI4-1714838218-1.0.1.1-d13rpgqZZoejSGY_YJXhoAKfw4Sp4QbcmZO0giZQPCAT_INDJqOVg9PD4yOPNsdleC8oymOc2hriUJxm25HUjw; path=/; expires=Sat, 04-May-24 16:26:58 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af134c31569f-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png | 154.197.121.128 | 200 OK | 3.9 kB |
URL: GET HTTP/2 1win-cdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Hashes: bd11730c197227300ae5e1b00b8cc637 c0e28cfb09642e9402f12f9c6677242ef671de33 2868cadf19218572e4970158bb91602551898a040cac6fed88b1d98d77f1b649
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-tvbet-frame@2.52cde99d0-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/png
content-length: 3888
cf-bgj: imgq:100,h2pri
cf-polished: origSize=4458
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d1-116a"
last-modified: Fri, 03 May 2024 15:33:37 GMT
cf-cache-status: HIT
age: 2796
expires: Sat, 04 May 2024 19:56:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af137a567131-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/js/57552.ee60d28a1.js | 154.197.121.128 | 200 OK | 58 kB |
URL: GET HTTP/2 1win-cdn.com/js/57552.ee60d28a1.js
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hashes: 8d147e6129519b258618aaf007bc2367 63d7cf9c54ccc58d2cace8e9a985d611475e4c65 d7eb6c1ff7bb7e9c3d9936da9cf43fb029b34c2a5577fbecb919b8a2784a35cb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/57552.ee60d28a1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 12:10:29 GMT
etag: W/"6628f6b5-1262b"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 340188
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af0f8c847131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/58258.98332d90c.js | 154.197.121.128 | 200 OK | 380 kB |
URL: GET HTTP/2 1win-cdn.com/js/58258.98332d90c.js
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Size: 380 kB (380420 bytes)
Hashes: c7c525d1e8220ec4f58023c2931b71e5 fea12b8de804e13a4c3df4d680e5d526ee59f00f 023e972c069d224698fc9472c2755fe85b8fb8911b139372330403e69ff1563f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/58258.98332d90c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-a8c"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 335862
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1268ab7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/10400.9ded7920f.js | 154.197.121.128 | 200 OK | 31 kB |
URL: GET HTTP/2 1win-cdn.com/js/10400.9ded7920f.js
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hashes: 00c31c2b707dea1c1f36634cf3e72046 b937324a0ed19f2bbe4ded75a24ef12e2cfc9511 df008de0a7da0abc9c9db7bcd9611cc26a84e1e9c50c6864aa3736af4dbe5c0a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/10400.9ded7920f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 08:45:03 GMT
etag: W/"6634a40f-27f3"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 111096
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af0ffd197131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/sprite-poker-frame@2.50a0c1527-256.png | 154.197.121.128 | 200 OK | 9.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/sprite-poker-frame@2.50a0c1527-256.png
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Hashes: e46f588febb018229e3c2450c4a3d4f0 4904652973205c308ead578918f7ff5a6a27bf0e 855739792866720d46d60d1a9696327132ecb9a4e9420ec40a861c41a6e57e20
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-poker-frame@2.50a0c1527-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/png
content-length: 9422
cf-bgj: imgq:100,h2pri
cf-polished: origSize=10453
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d1-28d5"
last-modified: Fri, 03 May 2024 15:33:37 GMT
cf-cache-status: HIT
age: 2796
expires: Sat, 04 May 2024 19:56:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af139a817131-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/img/sprite-roulette@2.255074856-256.webp | 154.197.121.128 | | 720 kB |
URL: 1win-cdn.com/img/sprite-roulette@2.255074856-256.webp
IP: 154.197.121.128:0 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: RIFF (little-endian) data, Web/P image
Size: 720 kB (719644 bytes)
Hashes: 344d71695bd0f387fedd84fba6ace2c1 1d37e2d66ab1098072febc0a0dc3769d44090048 7775854f4b641fa2c9f954c79de9d4bd51ffea8b9bc74d8e01768718cc438003
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-roulette@2.255074856-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/webp
content-length: 719644
last-modified: Fri, 03 May 2024 15:33:37 GMT
etag: "663503d1-afb1c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2796
expires: Sat, 04 May 2024 19:56:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af139a757131-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/img/sprite-poker@2.a38733e7a-256.webp | 154.197.121.128 | 200 OK | 361 kB |
URL: GET HTTP/2 1win-cdn.com/img/sprite-poker@2.a38733e7a-256.webp
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: RIFF (little-endian) data, Web/P image
Size: 361 kB (360930 bytes)
Hashes: 3da44652926631bc4fc847cfcbad6c71 a5f7955272162e543d5db897e200d00d3af22b22 354fe37cee669fe141e1e1dcb3b5a12df1ff2b9b34be38b4f2e20dd46fdb7d2a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-poker@2.a38733e7a-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/webp
content-length: 360930
last-modified: Fri, 03 May 2024 15:33:37 GMT
etag: "663503d1-581e2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2796
expires: Sat, 04 May 2024 19:56:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af139a867131-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp | 154.197.121.128 | 200 OK | 430 kB |
URL: GET HTTP/2 1win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: RIFF (little-endian) data, Web/P image
Size: 430 kB (429680 bytes)
Hashes: abaa6833958bdc5427e6fa573cbfa70a d43989916cc382e4e3d983933d9cd52a7d1dbeb2 51ba8ea694483e38020360731af53be7cd411671786008119b70b2a320e3bd92
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-dice@2.6e1ac0ed1-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/webp
content-length: 429680
last-modified: Fri, 03 May 2024 15:33:37 GMT
etag: "663503d1-68e70"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2796
expires: Sat, 04 May 2024 19:56:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af139a7c7131-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/img/pwa_android_en.b229a444a-690.png | 154.197.121.128 | | 33 kB |
URL: 1win-cdn.com/img/pwa_android_en.b229a444a-690.png
IP: 154.197.121.128:0 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Hashes: 43e03a24e305838eac0629c5cbf85550 85c71568d1008a17b928ac548987911daf187020 368a53c990be07280c5f3d3a726f0365f24befd9da404e98c139d88d8b5bf10b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/png
content-length: 33278
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37637
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-9305"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
age: 2797
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af155d107131-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp | 154.197.121.128 | 200 OK | 12 kB |
URL: GET HTTP/2 1win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: RIFF (little-endian) data, Web/P image
Hashes: 45df6c11399190f031e9db37f9f4e785 a8a641e38f707a584b72a5ad5c010e7bbcd7920c 121521ac13372efb3f1ab4c324432d8660fbea196e96df7916ce7457699705a3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/home-poker-banner-bg.a77f0d650-600.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/webp
content-length: 12264
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: "663503d2-2fe8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2797
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af155d0d7131-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png | 154.197.121.128 | 200 OK | 35 kB |
URL: GET HTTP/2 1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Hashes: 232d05b165c6b0fc9695db490aa71f47 f04ccc74ebd190747114ceeb882d51db8e9268c6 9f1c5e7317322a12fab89e9a96b3c4dcb22381d5751128217b168e3477e5e207
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/pwa_ios_en.f08ddb1e6-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/png
content-length: 34925
cf-bgj: imgq:100,h2pri
cf-polished: origSize=39066
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-989a"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
age: 2797
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af155d127131-OSL
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif | 104.21.75.209 | | 5.3 kB |
URL: imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif
IP: 104.21.75.209:0
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes: 2644fa31ed595bed0cb922c0c7539272 de9318bf140b0f2ea79f367170734ff434917747 8b139975393524fcf487dbb870a640733d99cfb4352c679c7449baf2ca2babcd
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/avif
content-length: 5298
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus.8be9e8f98-362.avif"
content-security-policy: script-src 'none'
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjY2MzExOTVhLWMyMGQi"
x-request-id: uUYzSMqbksJzETyQNoHBA
cf-cache-status: HIT
age: 329441
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E5BL5R9%2BEjkmIXACrRIpTO9slqdwJrLsmnSRFqFyOGmgfe3LB18GNukFpnfwKJ%2FXTlsf5mYkhoqug8VZLCNJZGe9DSSzG9LAakvbvl%2Bks81XEbYBtq3nrglIzHq%2BqhCjRHweBk4g0fA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af155ec656a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif | 104.21.75.209 | 200 OK | 6.5 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif
IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes: 6eb918cc26ed4d4b3f96d5b031ebdd69 aca2ee56704a569aa16df44cd5420c8bfb31c6f1 3fba98236326ef72ca6967cc5e0f6ccd4f0f8cce5d06df23e1cbd78713ada4e9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/avif
content-length: 6537
cache-control: public, max-age=31536000
content-disposition: inline; filename="cashback.f5a548e68-399.avif"
content-security-policy: script-src 'none'
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjY2MmY4NjBmLWNjOTki"
x-request-id: thjwTp6RlW19O_drMhS7L
cf-cache-status: HIT
age: 344035
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AKphZ9VRtLqgkK%2BC%2FOChnNDJh4DHnWa15EwKG02t74FOV%2Fv0oY3753MK12%2F7tM1QreE%2BE%2By6GIbIFK8T6pchZNBXpDyk5m%2Fwohm6qJvNByikNsilA71J1I%2FweW6neSeWaAeg0HY0Njw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af155ec456a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/img/casino-mentor.f6b6387ac-172.png | 154.197.121.128 | 200 OK | 1.9 kB |
URL: GET HTTP/2 1win-cdn.com/img/casino-mentor.f6b6387ac-172.png
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 172 x 50, 8-bit colormap, non-interlaced
Hashes: 3ec6ec7d9016e953c300249c2af5704f e7b2ec568a2118a744cdd1fabe6fa8959c637532 135d5b6cdac55c8f3598b1d5d04bcf737608501709df2567d270fd30ba02b25a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/casino-mentor.f6b6387ac-172.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/png
content-length: 1857
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1976
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-7b8"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
age: 1120
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af161e307131-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/img/betraja.5cf6f15c0-75.png | 154.197.121.128 | 200 OK | 1.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/betraja.5cf6f15c0-75.png
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 75 x 75, 8-bit colormap, non-interlaced
Hashes: 2840e342f235c6d7d76db654ff6a0edd 8f81dc2954a1e234394d7b284e02742730f25f37 2ad89292fa4c717acf6c24a9fa1f4c795f1e63f7e03bd4800c73f989c595a950
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/betraja.5cf6f15c0-75.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/png
content-length: 1054
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1174
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-496"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
age: 3804
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af161e2e7131-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/best-bitcoin-casino.9c1716b1a-50.png | 154.197.121.128 | 200 OK | 972 B |
URL: GET HTTP/2 1win-cdn.com/img/best-bitcoin-casino.9c1716b1a-50.png  IP: 154.197.121.128:443  ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 50 x 50, 8-bit colormap, non-interlaced  Hashes (MD5 / SHA-1 / SHA-256): d75b75efec83a2230764a8fed9d1dd3e ee4318789396290da2017d433fe622b9a005aff2 24397ec04f26d6b7c9465094a088ab89e4a4216accd5cb45e8563f694dd3fcd5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/best-bitcoin-casino.9c1716b1a-50.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/png
content-length: 972
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1035
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-40b"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
age: 1120
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af161e317131-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 | 154.197.121.128 | 200 OK | 10 kB |
URL: GET HTTP/2 1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1  IP: 154.197.121.128:443  ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix  Hashes (MD5 / SHA-1 / SHA-256): 78d07ed1a15b31cfce523059bf6951f7 d94270ab2bd2ee3c50799fc5233e8da25145b3a9 c4d99aac7c830b406068f87bf306272ed526595c2ae60924a67f77d65dc01b11
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wnurc.com
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
etag: W/"21ce-G+w/bJ5mwJlUDylGk/bOXwQAuRE"
vary: Origin
expires: Sat, 04 May 2024 15:56:59 GMT
cache-control: max-age=0
x-frame-options: DENY
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=cCVGS41YhHQgowwyF_RnMYzl1RCAe0HEbSwQU7Hzv4w-1714838219-1.0.1.1-ISQ0gPP3o..4W4psn_U8tzjIB0Zz_KomG0eOxtOht6f8N02.pkMfHYxBGQ4LbSlJOr6HAQdhl3TanTglwAd9JA; path=/; expires=Sat, 04-May-24 16:26:59 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87e9af155ee2569f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/nhl.9b1a4945d.svg | 154.197.121.128 | 200 OK | 76 kB |
URL: GET HTTP/2 1win-cdn.com/img/nhl.9b1a4945d.svg  IP: 154.197.121.128:443  ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix  Hashes (MD5 / SHA-1 / SHA-256): 8db1bace9e7dc6afb84095984cf36741 c3bf5ba9bd0b16b664b04e07de42e5492c6ab923 8b973e9cb70ff4108ecf36282a1efa330a1553740d64f96191b31d2aefcfa492
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/nhl.9b1a4945d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1584"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1120
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af160e1f7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/itf.9b1402c42.svg | 154.197.121.128 | 200 OK | 93 kB |
URL: GET HTTP/2 1win-cdn.com/img/itf.9b1402c42.svg  IP: 154.197.121.128:443  ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix  Hashes (MD5 / SHA-1 / SHA-256): b18240ea5afe86e849b27fc822377562 4d2c0d6aa803755e788a6e7626b636ae37f74b2b d066831dd09840067c9edde7c3b5bfa3bdee5bab99b7e24ab7d314d2debc1f03
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/itf.9b1402c42.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-af0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2797
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af160e257131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/ufc.0ef6261ee.svg | 154.197.121.128 | 200 OK | 88 kB |
URL: GET HTTP/2 1win-cdn.com/img/ufc.0ef6261ee.svg  IP: 154.197.121.128:443  ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix  Hashes (MD5 / SHA-1 / SHA-256): 252af455a1e83d1d367f7a84bee1b488 1407baf52b77fd8c63c5e8d132cf44cd586f8024 b12ccec39f1927734b0bdf7a1fdadfd7b6fd21a10f15743174442e32dab6b044
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/ufc.0ef6261ee.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-527"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1120
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af160e1a7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png | 143.204.42.156 | 200 OK | 3.9 kB |
URL: GET HTTP/2 d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png  IP: 143.204.42.156:443
Certificate: Issuer Amazon; Subject *.cloudfront.net; Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52; Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type: PNG image data, 124 x 48, 8-bit colormap, non-interlaced  Hashes (MD5 / SHA-1 / SHA-256): 3219393f1efd01cf2db20820dff57cf2 ebdbcf916084a0d5a70680021d269680e9f41d41 8bb1195fc7bb92abd77f1a9bb21ce32e20e509d25d3aef4c412b50c8fae6ec06
GET /raffle-20240411/headerLink.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 3884
date: Fri, 03 May 2024 16:54:41 GMT
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
etag: "3219393f1efd01cf2db20820dff57cf2"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: ccVHe4VopemkOCboeDQ4G4zetp3hz-UnTUC0EWfnjME2yRtILZoccw==
age: 82939
X-Firefox-Spdy: h2
| 1win-cdn.com/img/uefa.093dd4fef.svg | 154.197.121.128 | 200 OK | 41 kB |
URL: GET HTTP/2 1win-cdn.com/img/uefa.093dd4fef.svg  IP: 154.197.121.128:443  ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix  Hashes (MD5 / SHA-1 / SHA-256): c19b3051590b71e04254631110210e3b 131a0fc8595245199fb39ae846a8a501b854ecb3 42f315c7a876e491e18db8f7ca2ca944ed13eb0a1237208b74b7db4a0eca0117
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/uefa.093dd4fef.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-782"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1120
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af160e197131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp  IP: 154.197.121.128:443  ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: RIFF (little-endian) data, Web/P image  Hashes (MD5 / SHA-1 / SHA-256): 1f85b44a5305e8928fcae8922301d92a 7ecc0724a7560af7c4debc83014bab875eba685b 660ffadc474a5738fb2d93662e90e32d80dad0baa670e737854347ef8e4b904d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/500_i18_img.77110d4f9-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/webp
content-length: 25292
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: "663503d2-62cc"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af171f8d7131-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/fiba.4b405b699.svg | 154.197.121.128 | 200 OK | 54 kB |
URL: GET HTTP/2 1win-cdn.com/img/fiba.4b405b699.svg  IP: 154.197.121.128:443  ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix  Hashes (MD5 / SHA-1 / SHA-256): f6912caa92bf265dca0ae12856709d7f 6da91bc8e35f309b688f77a0cf323c91ba3e2bde ad55669821154d74fae637853b521359347483668c4c27311eabcc1e422415fc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/fiba.4b405b699.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-4ce"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5060
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af160e1d7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js | 142.250.74.99 | 200 OK | 206 kB |
URL: GET HTTP/2 www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js  IP: 142.250.74.99:443
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: JavaScript source, ASCII text, with very long lines (631)  Size: 206 kB (205803 bytes)  Hashes (MD5 / SHA-1 / SHA-256): e2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wnurc.com
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:59:48 GMT
expires: Fri, 02 May 2025 01:59:48 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 223031
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif | 104.21.75.209 | 200 OK | 6.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif  IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes (MD5 / SHA-1 / SHA-256): 049927e2f79d1b3f7c0db06be6378930 bc6a9c76a5027d6e63381bb7cf0ff70068d06792 8488c7746bd184e9f0210a44f098d433e1f94e2bec27d1e26c2b75cf82250b17
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/avif
content-length: 6321
cache-control: public, max-age=31536000
content-disposition: inline; filename="8cd3ae6e-3840-454e-8e42-434cd48af16c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MTY2NmI4LTJiMmQxIg"
x-request-id: uf4G2aWnOYwTdyosxHGo1
cf-cache-status: HIT
age: 329438
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cQ1OmGRXYTHedAdFLcVxVGHYqDwVWi%2FVfvIMONRvTyb7830RzBKU0GWdmXaF00dx4lm5uLpp%2F7L9CJgqfinusjRs%2FmmkD6ZPDGwQAscJchyvbcuvC3hEJOyRzIArBsdtKgE%2FrfpYd64%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af184b4f56a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif | 104.21.75.209 | 200 OK | 6.1 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif  IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes (MD5 / SHA-1 / SHA-256): 172757f78e8e2026f280f94f4d032035 17cea3940511dbbbb5077e78e28ddadef3090931 f0480a63411ce5b83d0c87ea580863a1a6908dc635db4309719cf9119d3df28f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/avif
content-length: 6121
cache-control: public, max-age=31536000
content-disposition: inline; filename="61ea6817-a009-4c14-94a8-2d97fb8082c3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ODk1MmJlLTZhY2Q4Ig"
x-request-id: mDzQ5h6tWKlbyUv2bDsmx
cf-cache-status: HIT
age: 339801
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9bU9xRNVfrRlWKVUFyfYlUt%2FTC0fkOH3gcBGrKuzUPYFb7WnDz%2BYnoZrogiJv0fAhj%2BFuPfa%2FunoFaeUyvJOyeEBA75ltVAOeQOO3n85PcDkEpfdjghBY%2BNQuRxALpCjivEpaBkbOmo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af185b5356a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif | 104.21.75.209 | 200 OK | 5.1 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif  IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes (MD5 / SHA-1 / SHA-256): 78c35d95a329313abe507e5fd846f7b7 31fb39c006cc6629f8e0c3041eb47bd3e07c4eec 0dd9631740338687b4b97e20f6f7df31f2b2a649af5da408f1283db108a8929e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/avif
content-length: 5097
cache-control: public, max-age=31536000
content-disposition: inline; filename="e47f89a4-3663-4c9d-bc45-fe1845d34e1b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MTA2LTRjMTU0Ig"
x-request-id: AgTsFYATSt543oOCtJFQF
cf-cache-status: HIT
age: 334560
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cm5J%2Bpccq7zNaLvasm675DrAV4L%2FWbCEP3BLmxxRS2krBAXRJxHA%2F4x3IHB5IbNnaU24jP47mzd9vHjjW0TevHC0KJGZ%2BV8RsLdcFDgz%2B9PqQ6KYdRpV75yBXYj%2FECQm6trslGRzGos%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af185b5a56a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 1win-cdn.com/img/wta.c6d5e2ef3.svg | 154.197.121.128 | 200 OK | 7.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/wta.c6d5e2ef3.svg  IP: 154.197.121.128:443  ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix  Hashes (MD5 / SHA-1 / SHA-256): e5f391ca7aa6745c599feecedccfb3f5 442a049a8b44feb52efccdfec0e6b8d85f557de9 8a4983a5df474064c8001c6e27c169acde555277e8a1973ecc1b74b351d57f06
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/wta.c6d5e2ef3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-d04"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1120
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af160e1b7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/mascot%20gaming.21cafbe70.svg | 154.197.121.128 | 200 OK | 10 kB |
URL: GET HTTP/2 1win-cdn.com/img/mascot%20gaming.21cafbe70.svg  IP: 154.197.121.128:443  ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix  Hashes (MD5 / SHA-1 / SHA-256): 42a280641ae27197ff67c71c72debd0e b2cc7c4dd946d3cf418d64e890a2a6348b9c22f8 2bf867712d0f2f2c440f757272a26ee8eb87136b4610cd82fb1c591caca858da
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/mascot%20gaming.21cafbe70.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-144f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6743
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1afcbe7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/netent.95417a961.svg | 154.197.121.128 | | 9.5 kB |
URL: 1win-cdn.com/img/netent.95417a961.svg  IP: 154.197.121.128:0  ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix  Hashes (MD5 / SHA-1 / SHA-256): f7457f8f5e993976eb5d7797071fba33 6905310d0f9504cc95f0d0db8a0c75e33d35e459 4e0cce8831e4598a379a4d262e773b8800dd9c864e352e4fe754dfeadc8822e2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/netent.95417a961.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-3f7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1b1cf87131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/gamomat.593230062.svg | 154.197.121.128 | 200 OK | 9.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/gamomat.593230062.svg  IP: 154.197.121.128:443  ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix  Hashes (MD5 / SHA-1 / SHA-256): f4dda5591e8f20bb4730a2ff3ad2c89a 1dc338e13cd2f5240c185a4198a3dad8cf121a34 971c9383ffaf776a368f0ff16879e9d4ab4eab072697f322dea0f01b80e10379
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/gamomat.593230062.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-283"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1a9c577131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/habanero.92654c79c.svg | 154.197.121.128 | 200 OK | 9.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/habanero.92654c79c.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 9d0b11a488f27d1624263054ca3af37c 07343ff9e74cd776361843b750faab20ba8751da 3c63dda9e6ae34d9afebbc9ee94236317379adb4a375606a0eb2952a50b13662
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/habanero.92654c79c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-de9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1acc7b7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/genii.367222bbe.svg | 154.197.121.128 | 200 OK | 10 kB |
URL: GET HTTP/2 1win-cdn.com/img/genii.367222bbe.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: e2f95f33742fd5b8cbf4122f43862028 0d471c08f74639350950af126a5e69f686db08c0 f000f196f60fa7796ec081a33fe34d6400ea428398cca64fc1e8998fad891ddc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/genii.367222bbe.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-ecd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1aac5c7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fazi.19d7f4b72.svg | 154.197.121.128 | 200 OK | 9.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/fazi.19d7f4b72.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: b7f7dd1dbe281f597d099e410e913528 1a3ff6b822a63320392031271646cfad7d803ee9 3dd219ce72f12900947cdf3573e821aa835c0b8cbf0c84027788fb4576d8d605
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/fazi.19d7f4b72.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-285"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1a6c177131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/endorphina.20b721ba6.svg | 154.197.121.128 | 200 OK | 13 kB |
URL: GET HTTP/2 1win-cdn.com/img/endorphina.20b721ba6.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: f6ff090ec3a9305d26baf7871d66020d 5b8783a01bdd1118897b2ee63b54996dc798c6d7 b53dac3be913495bc79ed60e36472c5ae1ca803e23b8f95b096937d13474a212
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/endorphina.20b721ba6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1bc9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 179
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1a2ba67131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fantasma.8f4e2392c.svg | 154.197.121.128 | 200 OK | 14 kB |
URL: GET HTTP/2 1win-cdn.com/img/fantasma.8f4e2392c.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 7311ffe702a922b8b769aab3981e9e77 8e1946bfe31cd419fa289f120939c408e63e344c dfba477d419f42d60ed303565130371a5f1063977acb5825a6c5bd1656653418
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/fantasma.8f4e2392c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-d34"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1a6c117131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif | 104.21.75.209 | 200 OK | 8.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif | IP: 104.21.75.209:443
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 9867f5ddac7eff5f2fd88dfdec8fd493 6ea9a242437fe23c61e09a00030ae3eee78d3cd1 2a35868035bda3ac30307b7226b56456bb7bab2d244b808e07d3384cd18ba1e1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 8337
cache-control: public, max-age=31536000
content-disposition: inline; filename="fbcbd07e-2fbd-4b00-9edd-96eaae801b22.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZTFkNjFmLTdjN2M4Ig"
x-request-id: I85TlysGV19zGB3VN3wxj
cf-cache-status: HIT
age: 329439
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sKxRkONydUdcJUsNpy1AzgCP9dh5HUrphX8MSsI425TG2%2BpC1mPF1QnM2x1%2FNicb8o2e3j32xa5qb81bDKr6seMMawgrhXVXSIBpoSHhRlfF0JZVzzMkp2JqOpLqTfl%2B%2B0YkNP%2F7oXM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1d6b7556a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/4theplayer.f89265cdd.svg | 154.197.121.128 | 200 OK | 8.9 kB |
URL: GET HTTP/2 1win-cdn.com/img/4theplayer.f89265cdd.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 7d1648d00d0a965d94707b707e26fc26 a04320ba74c4e385ba3ff7404e272db01aba7853 f4e1687fe067d5ed4969f3fb224fe432102339adae5f43c6e3c433ef5af2acb2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/4theplayer.f89265cdd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1067"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af18ea1c7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/oryx.ddc50c514.svg | 154.197.121.128 | 200 OK | 8.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/oryx.ddc50c514.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 247040272d2654091f86d95e832ff041 543d2b6f82ea7c79a73e7aebba90f0b8fbc63fa1 fbcaeba4d000be315132d90b774169edcfba0ba93cd182168af29723afc8670e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/oryx.ddc50c514.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-557"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1b8da27131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/barbara%20bang.790acb7dc.svg | 154.197.121.128 | 200 OK | 40 kB |
URL: GET HTTP/2 1win-cdn.com/img/barbara%20bang.790acb7dc.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: a692ce10e4e17df36943eb31c18cb7ef 3b90f6e42701d76d650da411ba6e8d8411830256 6afdcaa7070b8b4b144cc29724614cc789f61b3c5f50f566c4ea38f72c04d5dc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/barbara%20bang.790acb7dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-68da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6742
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af19bb1f7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif | 104.21.75.209 | 200 OK | 11 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif | IP: 104.21.75.209:443
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 69589818044ff973aa67c696e7e394fd 0f03ad92c7eb38789b111436be2e733faad871a4 11b7536dae29bf130716d915551940bb971627b613ef1ea7e1e351a0411bc534
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 10793
cache-control: public, max-age=31536000
content-disposition: inline; filename="aaf2d443-c77f-48d2-b319-c986f21359b9.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDljNTQ5LTRmZWNiIg"
x-request-id: BsBdAEl7D51TnYMcZ71aV
cf-cache-status: HIT
age: 329439
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jYUSIPiOGqenlHuRKr8HPG2kuB0cuFmci92k8kyP%2FoeUKWpFIyOLDBBL1xVkU0tn%2FEfzA5ngpISvV5jVQYFIk301hygq9wQVJe9eLrz4PouxHsPh2CH%2F2jvecptHHvFIhwSnSUjpmik%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1f9e6a56a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif | 104.21.75.209 | 200 OK | 5.0 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif | IP: 104.21.75.209:443
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 4ed163b7295ee97d380351dd868d4216 6987db5ad9f1b684e98e657aacb7dd38706e6a34 f612299c5c7d80db2a40298d6efbcce5aa740cbf02b0bfad807a91a60a11f606
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 4967
cache-control: public, max-age=31536000
content-disposition: inline; filename="096d2c09-0aad-4662-8a89-4d8777978e05.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZGRmMGJkLTRkZmFlIg"
x-request-id: tIWim6rSgFENbirgZB3aQ
cf-cache-status: HIT
age: 340210
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NHqehjZtZEoXpZqiZQoaWhRJCtVZgSCMamUvLVx1TKkCF1nVlkhdXreVwmIYCRc878wPquCrtWjpjeEGHDl%2BW7qspHmbbfPYvY1tEnjLZSMOsUkqH%2FL2Ee5XttgjyV18%2FWvIv9MWR5w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1fae8356a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/onlyplay.1c7a3c455.svg | 154.197.121.128 | 200 OK | 6.9 kB |
URL: GET HTTP/2 1win-cdn.com/img/onlyplay.1c7a3c455.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 569a271df8470632f60967c608e14fd3 2d0de8d3413443e6aeea0291c0804c6d73d200ee 99a2f8677dad23dcfa91eac767face389fd02a5a62d05c50143de900f4b6ef30
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/onlyplay.1c7a3c455.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-6ad"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4060
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1b8da17131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif | 104.21.75.209 | | 5.0 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif | IP: 104.21.75.209:0
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 3c7a3851260b12a9627faa9016f3ce1f 9df4442c906d9741c13ef21ed9eefb5f99d044c5 8b330aef0c0829a3f623aacd997fcae862db1c1b712f56cfdde0c267417d4942
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 5004
cache-control: public, max-age=31536000
content-disposition: inline; filename="bd529428-aaab-4991-a790-150cd6317398.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MDQwNTUwLTEzNTFiIg"
x-request-id: POGVM5U7XburYgl2LOHs0
cf-cache-status: HIT
age: 344035
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mFLG4J4KZMlMtdPE7h23%2FfLgS%2F0OPZbQAvEHrolXdKLNDmrLwKhqn0OqVgZ1LZLLhzCkK%2F2SBBcxtfPIF8Jsg6DjyZsuZaYQrXuHlZsHU3fZtDi1yg4SGnaTBOcr%2F2X8IOaFBZbv6CU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1fae8156a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1spin4win.bb21057a4.svg | 154.197.121.128 | 200 OK | 5.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/1spin4win.bb21057a4.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 8e20c98bbd2760d623bbe8dc25f27721 30ee504cadba0a6cc9629c6f23497edabdd218fc 832cec471afb5faa4a1cef4a911c256ba3296d80644decce38a05abde6247208
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/1spin4win.bb21057a4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-4da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af18b9d47131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif | 104.21.75.209 | 200 OK | 6.6 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif | IP: 104.21.75.209:443
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: e96a71a5fe56033b87ca3809fb4fab55 22b9068fece941bf32a6e67885ea41fd70233ac6 e7d80eb4af58fe47ec89fadcf5b2e5969f43527c11668ae3f4af541fe61a5853
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 6634
cache-control: public, max-age=31536000
content-disposition: inline; filename="a6a15f20-ce33-4ddc-9763-e38986fcdb2c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MGMxZWU2LTNlZDNkIg"
x-request-id: qDJlJ2R-SOJh4usDIwbZn
cf-cache-status: HIT
age: 344035
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VJvcXq%2BXsSp%2FZxquopjRyRWJY%2F9bwjb3v3WMspnZmm6kEt3cAFJR0njb1lusFqcHhEI3qI05onNgoz7zTptAMBFXSdRvEEmQBKcp9KIzAhGeCaH%2Fdw39Wj2MCwSzxCpCGRN1sXSCIi4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1fae9056a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/57460.093f52cba.js | 154.197.121.128 | | 7.8 kB |
URL: 1win-cdn.com/js/57460.093f52cba.js | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: e897a387b3e18e69c3f52ce3f9bcb8e2 09c65181dbdb0aaf0cb821e1281710d81f420937 f0efa84990a434f35e814a40723f558c335aa197f7713cbc0728f6e5ce1f70b0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/57460.093f52cba.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1b6"
expires: Tue, 02 May 2034 15:56:59 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 340183
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af18ea1f7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1win%20games.9b8574150.svg | 154.197.121.128 | | 13 kB |
URL: 1win-cdn.com/img/1win%20games.9b8574150.svg | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 7d923344b0ff55ff7f15c13fe7063a0a e6f24b4b102b1d4e55b350bd9d5036492dfa342e cc0d07e2a5e50f4eb0ded2cbe68bb17ed8499e501e332ed9edff5f0c6d939f60
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/1win%20games.9b8574150.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-643"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3248
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af17c8817131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/games%20inc.64fb099a0.svg | 154.197.121.128 | 200 OK | 9.9 kB |
URL: GET HTTP/2 1win-cdn.com/img/games%20inc.64fb099a0.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: d0e3a3fbeb5dc4ba7828223a1663101d baf2effe12d9333bd0b9948e05311abcda8c28d8 ebb523abe551699a43523a07c45c3bb85256070d734141b74971f741db0204f4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/games%20inc.64fb099a0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-2b7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1a8c3e7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif | 104.21.75.209 | 200 OK | 6.4 kB |
Request: GET HTTP/2 | URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif | IP: 104.21.75.209:443
Certificate: issuer Google Trust Services LLC | subject 1win-cdn.com | fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes (MD5 / SHA-1 / SHA-256): 4e7067f0087797bc8a2752288c82d468 7a97f30b9cf7b7c0167847006aefcd3411e4c414 626952781c5dcc08fb5dc238ced257f7bcc86ed4e656e61c829199ab4f023e62
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 6364
cache-control: public, max-age=31536000
content-disposition: inline; filename="c_d25464ae840baf966d3d1019c718c0fc.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYyOGUyMTVlLTRiYWM1Ig"
x-request-id: TlNWZ38pE9uIHD6irnmEj
cf-cache-status: HIT
age: 335343
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c9vo9aUM468Wu%2F4KAe0VOZoNUf8bz2spN87sKL1LROfZu3rG97xexp4J6WABW5oR7Ln32N0fgzmy12kvF1pRw5UxINDcqCM%2FI3lnkgdjzSG7CcOZDykZfgedALFbOXv1LPT2lMPhn4k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1fbea156a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif | 104.21.75.209 | 200 OK | 8.2 kB |
Request: GET HTTP/2 | URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif | IP: 104.21.75.209:443
Certificate: issuer Google Trust Services LLC | subject 1win-cdn.com | fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes (MD5 / SHA-1 / SHA-256): 4690a4b61d201902c45336db8106dff9 939591a5793aa03ab3071614e332b2b9d25e4c27 26f706b40a0dfebff8f896074f248c0dd60d2ce1372c3d23bf8bc14c862fe976
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 8152
cache-control: public, max-age=31536000
content-disposition: inline; filename="cf957920-b419-48fc-9770-c04187b3098d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MzY5ODg1LTFmOWIzIg"
x-request-id: CuQxJIWN1LOaM0eYxzpAe
cf-cache-status: HIT
age: 334561
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5IGiNTO4H9v9pXLjwYwwMrTPQg32zphveL7dQrosYBLVhZ6aSWIMc6Q98uNQszUeqzM7t5cvAg7AQskl6gpjlhfxAaMM8t1gDwnjaV6HFwzSdPHyiOisCkUIFRc%2BZzVn%2FYTevAjGsx8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1fbe9a56a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/img/1x2gaming.00302c7de.svg | 154.197.121.128 | 200 OK | 10 kB |
Request: GET HTTP/2 | URL: 1win-cdn.com/img/1x2gaming.00302c7de.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC | subject 1win-cdn.com | fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hashes (MD5 / SHA-1 / SHA-256): d26afdf623dcb1ad52c7cf7d079aa533 69da358041fc1d5deea8499425d329572bec3999 ccb37f81ef8b8f0d92c71a8d6f5d24f63eade9e4f8c1f20f58ab25b011d6bdbc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/1x2gaming.00302c7de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-9fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af18b9db7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/atp.e87cf2801.svg | 154.197.121.128 | 200 OK | 14 kB |
Request: GET HTTP/2 | URL: 1win-cdn.com/img/atp.e87cf2801.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC | subject 1win-cdn.com | fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hashes (MD5 / SHA-1 / SHA-256): 30d6aaba1acb1bdd702a62e700d02a63 78731b243e5c2788ab0265e03162ad252d2f611c 3465830687983c6432afeb24d271cee114333a2c8e10a667f547f08b456cbd77
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/atp.e87cf2801.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-2f1a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5060
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af160e237131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/gamzix.c753c377b.svg | 154.197.121.128 | 200 OK | 1.7 kB |
Request: GET HTTP/2 | URL: 1win-cdn.com/img/gamzix.c753c377b.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC | subject 1win-cdn.com | fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hashes (MD5 / SHA-1 / SHA-256): 01432034ff0192924c9f078dc598a055 2b3633f034a1f29364612f04c19f70a233d8d834 39ac99d6a55174dc32ad88943e9825b642b4d0cf36923937e88b28bf8ef3c6d6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/gamzix.c753c377b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-f3b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1aac5b7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/amusnet%20interactive.428b45c71.svg | 154.197.121.128 | 200 OK | 1.1 kB |
Request: GET HTTP/2 | URL: 1win-cdn.com/img/amusnet%20interactive.428b45c71.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC | subject 1win-cdn.com | fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hashes (MD5 / SHA-1 / SHA-256): fceeca8a4991ee542820acfe0ac2b6b1 aa744edfb6c8b9bafa4b29fef5a84117a5f678f6 3d668536d71fb93681b91de0c73cf1b67c2f270834eb4b29c52f45420f9109c0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/amusnet%20interactive.428b45c71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-2a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af191a587131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/cyberslots.988fdd12e.svg | 154.197.121.128 | | 3.5 kB |
URL: 1win-cdn.com/img/cyberslots.988fdd12e.svg | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC | subject 1win-cdn.com | fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hashes (MD5 / SHA-1 / SHA-256): f172e24568db662b784278c9115eada6 80d9f3ae58917576573da9396bfcb4e352a6a79a c7e32ef6ddf22de7f90184c02d221e3160a514a5ada599dc29846001c854222d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/cyberslots.988fdd12e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-901"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1a0b937131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/elbet.701d0b0cd.svg | 154.197.121.128 | 200 OK | 7.0 kB |
Request: GET HTTP/2 | URL: 1win-cdn.com/img/elbet.701d0b0cd.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC | subject 1win-cdn.com | fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hashes (MD5 / SHA-1 / SHA-256): d8795a297d473d9adaae44d060faf3e3 c585b6092ce3c3ab8a89228470d7c28f88857de8 93b3f4701b43ab018d758d8b8aa0aac1c51f0c984a0c3d6e7d2c78e2ab5020c7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/elbet.701d0b0cd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-2a4d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1a1b9f7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/revolver.25aaacada.svg | 154.197.121.128 | 200 OK | 2.0 kB |
Request: GET HTTP/2 | URL: 1win-cdn.com/img/revolver.25aaacada.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC | subject 1win-cdn.com | fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hashes (MD5 / SHA-1 / SHA-256): f91752f6d005069745b5812187235a36 d41debfa22a5cb0f2be2974aaff52bc2db70340a cd43c633efff1392f5f4b6ea60835070accdd5e23fe67a8a3cdf9ff90d8851f5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/revolver.25aaacada.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-f28"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4931
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1c1e637131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| aus5.mozilla.org/update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 42 B |
URL: aus5.mozilla.org/update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | IP: 35.244.181.201:0 | ASN: #396982 GOOGLE-CLOUD-PLATFORM
File type: XML 1.0 document, ASCII text | Hashes (MD5 / SHA-1 / SHA-256): f8f24fa0c857d8f2ee493e131b85ab62 cb6049f830a54d14a19d4104fc0bb5ab5fdedbe6 e0dadbc9cd1f1bd8ce3118cc3383e0d0f6d147f055265d498d99deea956ba00f
GET /update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 15:57:15 GMT
content-type: text/xml; charset=utf-8
content-length: 42
rule-id: unknown
rule-data-version: unknown
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
via: 1.1 google
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

| 1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp | 154.197.121.128 | 200 OK | 354 kB |
Request: GET HTTP/2 | URL: 1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC | subject 1win-cdn.com | fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: RIFF (little-endian) data, Web/P image | Size: 354 kB (353842 bytes) | Hashes (MD5 / SHA-1 / SHA-256): 8df817e5ef0af5dc8279d3f20cae9bc3 12c85bcc74a48053c92f3f75ce3c14e1a19e46d3 61a0f98511e6c60430ab044d1f80e1c9eff83f577064d465cc5f893ba3ce0fee
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-tvbet@2.888adc8ee-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/webp
content-length: 353842
last-modified: Fri, 03 May 2024 15:33:37 GMT
etag: "663503d1-56632"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2796
expires: Sat, 04 May 2024 19:56:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af138a5c7131-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/js/62825.cf3a1caf6.js | 154.197.121.128 | 200 OK | 736 B |
Request: GET HTTP/2 | URL: 1win-cdn.com/js/62825.cf3a1caf6.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC | subject 1win-cdn.com | fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (768), with no line terminators | Hashes (MD5 / SHA-1 / SHA-256): a56324a88fee02690b8a3ed35e889018 18e9af315ba78b3b7f467894aa838ef2eefee254 dd0ed1a086018d01466171d96d3c7d99fe4a0d88e8d965bd2d08f31dfa541202
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/62825.cf3a1caf6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2e0"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 330206
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af12a9247131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/cricket-betting-guru.cfe7d4265-500.png | 154.197.121.128 | 200 OK | 8.1 kB |
Request: GET HTTP/2 | URL: 1win-cdn.com/img/cricket-betting-guru.cfe7d4265-500.png | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC | subject 1win-cdn.com | fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 500 x 500, 8-bit colormap, non-interlaced | Hashes (MD5 / SHA-1 / SHA-256): 953b3b7e0c94ed3c3af678f19b076c5a 993c897eadbd5f11f4fa712cda067ea633c8e68f d996933d2daf078f08f1460583730af70894c8e2317c273661c10aa3affc5acd
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/cricket-betting-guru.cfe7d4265-500.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/png
content-length: 8067
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9249
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-2421"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
age: 3804
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af161e377131-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/img/betsoft.cc500155f.svg | 154.197.121.128 | 200 OK | 4.7 kB |
Request: GET HTTP/2 | URL: 1win-cdn.com/img/betsoft.cc500155f.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC | subject 1win-cdn.com | fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hashes (MD5 / SHA-1 / SHA-256): fa91200f1738243c9a1bf9ebf853c238 43a438416c285aaf55c7f2edb2676616ffa0c838 9235396681ab2e82a2b5ce89e4f2e711f69cde3f6fb83af4050e110c4a55d3c9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/betsoft.cc500155f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1286"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af19db3f7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif | 104.21.75.209 | 200 OK | 8.2 kB |
Request: GET HTTP/2 | URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif | IP: 104.21.75.209:443
Certificate: issuer Google Trust Services LLC | subject 1win-cdn.com | fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes (MD5 / SHA-1 / SHA-256): 2bb5dde390003652a0eb9ebe2ec82506 a380f9976a7e050fb4d5d16645fb739f1c012635 8a7bde50fbfc69782f930b7983c89539fa483d076ec7bfd327cbf615987bed3b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 8197
cache-control: public, max-age=31536000
content-disposition: inline; filename="3223fafb-6b1b-46ba-bb4e-d667854eb8e8.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NGIzZjM1LTMwNzIxIg"
x-request-id: ejgpplgS_jgdEjE0wtm06
cf-cache-status: HIT
age: 329438
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F9Pm%2B%2BZy8XxbIe1dnpT1B3MIcSA9FZkdxnM9ExoC5%2FRftDJg%2Fbad9nNTujVFuKi2G6v0AtPTDjUZwdxhMei0ikZj023YWOdkp30cuPMPEVluMFVoDbA6%2FpNpCNqYFrttsnQTjY%2B8ZY0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1fbe9d56a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/img/ezugi.a9c66babd.svg | 154.197.121.128 | 200 OK | 1.4 kB |
Request: GET HTTP/2 | URL: 1win-cdn.com/img/ezugi.a9c66babd.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC | subject 1win-cdn.com | fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hashes (MD5 / SHA-1 / SHA-256): 329b99ccd51d8cd3e1a5c8a1b83a84eb ad907259ddfcffb089829ad24a4411ff1cd4b1c0 96e851dca3bca1d7d99061ec91cab28bd2c037ce8732e80a4ed601e86c0e67c4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/ezugi.a9c66babd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-59f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1a5bf27131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/fugaso.1a40d61ad.svg | 154.197.121.128 | 200 OK | 2.4 kB |
Request: GET HTTP/2 | URL: 1win-cdn.com/img/fugaso.1a40d61ad.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC | subject 1win-cdn.com | fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hashes (MD5 / SHA-1 / SHA-256): fbe83afa72fe7a858d1fcd467a7e3acb 5dc85aabeac449d7287662a7b6ffe2936e447b84 21f646343e711bc51884ff1699ff6dc11de867dd10a58fee0ad946c197d46cc0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/fugaso.1a40d61ad.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-951"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1980
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1a6c1a7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/flags/en.svg | 154.197.121.128 | 200 OK | 2.2 kB |
Request: GET HTTP/2 | URL: 1win-cdn.com/img/flags/en.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: issuer Google Trust Services LLC | subject 1win-cdn.com | fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hashes (MD5 / SHA-1 / SHA-256): 79e4258317717cae7d54221d403e28d4 85a14a9c6aa03cf4c9ec9e942a06e5987cb61d0a 0b0d98ecb898886bc24f0a6859a7a76034f960374c9914370e69d3ac7467a697
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/flags/en.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-8ae"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2124
expires: Sat, 04 May 2024 19:56:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af112ed67131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/nolimit%20city.5b7440267.svg | 154.197.121.128 | 200 OK | 1.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/nolimit%20city.5b7440267.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): b922d7644363785eac0ec67b0a31e5b5 aeb685310c81a6bbde2c3dc8c6e4bfcf59c77336 f5949bda30ca6a410fa6db0e60789cad60c32183d2f52b4888ab292910bd45bc
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /img/nolimit%20city.5b7440267.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-693"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1b2d0f7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/silverback.297288e25.svg | 154.197.121.128 | 200 OK | 42 kB |
URL: GET HTTP/2 1win-cdn.com/img/silverback.297288e25.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 2910b9f6ba7f900a0246432d2777b217 86b09b58a3eb69c70f175e577cfefd4efe1dfa0c b5274849cf17745568ee5854a736f1ca11cf874511dc6554884c6083155fdde2
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /img/silverback.297288e25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-a2dd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4931
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1c3e9e7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif | 104.21.75.209 | 200 OK | 4.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif
IP: 104.21.75.209:443
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash (MD5 / SHA-1 / SHA-256): 4e85a0bde3faf39a0eb79d1afbf94a3c bfda6edfa14599e73e5a8096ae707b7355fb9d2f fea08e33454d5f3e26915f9862ba5acc30108166648fa38500e19f7cb1324473
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 4683
cache-control: public, max-age=31536000
content-disposition: inline; filename="6f680e79-feec-4211-9534-21a166c91202.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YzM2MzcyLTFhNTFhIg"
x-request-id: SDhj3o6iI09jSaV1xC7zB
cf-cache-status: HIT
age: 335343
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FIqVdH6b4On1jb56sCgWVcgvEXSuVsJJ4YFKW5oe0Xvb4kG0DIATF2lm2tsMAgt9GFy06CGP9%2FmeZv7STn44pGaHVU9U0%2F11%2B7xYLkBFUDbOxtBcr%2BL4%2FLFTyTkXCow%2ByzzyZdbQuSc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1fae8b56a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/18860.d3e8c1777.js | 154.197.121.128 | 200 OK | 28 kB |
URL: GET HTTP/2 1win-cdn.com/js/18860.d3e8c1777.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (27990), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 4b143001b05330bb316fe6b48531dbb6 ffa1e8fc89a58cf47350481057028603fe7fff91 d2384a77cb70880903f3d1b81d47cdaf69af5bfb006fd23fb938c512ee2f486e
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /js/18860.d3e8c1777.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-6d56"
expires: Tue, 02 May 2034 15:56:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 330268
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af0b1e487131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/8653.ed7806659.js | 154.197.121.128 | 200 OK | 952 B |
URL: GET HTTP/2 1win-cdn.com/js/8653.ed7806659.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (994), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 1a63c0338e50d3b4dfe4a7cea9098d20 3915a35a401582840fc4139f2a94260a8cc21c12 5876ed8be9f28ec2128149035402d973d5b243d80e470048018ec6df9c3d6439
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /js/8653.ed7806659.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3b8"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 334559
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1278e57131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/46719.c1d2eb9c5.js | 154.197.121.128 | 200 OK | 527 B |
URL: GET HTTP/2 1win-cdn.com/js/46719.c1d2eb9c5.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (545), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 8375a4110ec42498df870269f31e79db d974e51c02dbdc175ffa8d4384b385ecce38e581 b63b4ea04779e05a75b5e69f026faa71ee3601834dc416ce230a65ef9171d861
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /js/46719.c1d2eb9c5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-20f"
expires: Tue, 02 May 2034 15:56:59 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 343052
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1859537131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/caleta.b1dc71f69.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/caleta.b1dc71f69.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): bbba19a0f7e2c3b02a8ca7d7c833eb63 5dd340d9cc4c395174865b155829f3054fb29275 96061a9a0bc3a990d16e91b8c52ca6436dfde7223b3e9741bee8a772f4559ccd
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /img/caleta.b1dc71f69.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-518"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af19fb697131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/worldmatch.9f3d40aa7.svg | 154.197.121.128 | 200 OK | 522 B |
URL: GET HTTP/2 1win-cdn.com/img/worldmatch.9f3d40aa7.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): c3aab966ecda4dadceb7b556b4205478 e8e501768b244593d7e5a59b6a7cf77e3b0d4581 ba1ec219d7a5dafe4c7ce5aa35171278f90b26d55c3ce4b1fd2474ce69487bf1
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /img/worldmatch.9f3d40aa7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-20a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6743
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1ccf787131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2 | 154.197.121.128 | 200 OK | 44 kB |
URL: GET HTTP/2 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: Web Open Font Format (Version 2), TrueType, length 43512, version 1.0
Hash (MD5 / SHA-1 / SHA-256): 426f20bb65ea80d35f3f2a999d5d7d1e 85f211a450f26d7f0822d718fc61085a506fa455 06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wnurc.com/
Origin: https://1wnurc.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:57 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: "660d5374-a9f8"
expires: Tue, 02 May 2034 15:56:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 329580
accept-ranges: bytes
set-cookie: __cf_bm=7A4I1CmrCFtJ6Pwv8qEZHiYzGxFhUp_XpJTHcCNPSaQ-1714838217-1.0.1.1-qnu1nduqC8RgTBFPvkYwtU2PyE5YFAVp43Nl5qklzW0ejfistELts4WFeedfkbNF4ozKwGYPSyU7A6tMhbPudw; path=/; expires=Sat, 04-May-24 16:26:57 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af08bcb7569f-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/91217.fc8dbcaea.js | 154.197.121.128 | 200 OK | 828 B |
URL: GET HTTP/2 1win-cdn.com/js/91217.fc8dbcaea.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (846), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 873b0a1f00b7e367ac6843a8b9e80deb b9333e21da514f326abf81822702b8897c39fb48 647917f9f3afebc3e96f7512bdfa2faf4e3b02948b908fedc205a18a5aa4c76c
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /js/91217.fc8dbcaea.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-33c"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 329440
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af10ae467131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/1279.7681fe15f.js | 154.197.121.128 | 200 OK | 911 B |
URL: GET HTTP/2 1win-cdn.com/js/1279.7681fe15f.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (929), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 3a0fd7772f5d3cd77c17b49876743f78 3eb84478f6c0ac3009e81576caf8fa6ddf4e2c5a 5d5a4e691e8df7115cff0e7b2b76131b7b633ce30509dc61fdf36c9ab36989a6
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /js/1279.7681fe15f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38f"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 343052
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af12f99a7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/tvbet.fea6d0222.svg | 154.197.121.128 | 200 OK | 9.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/tvbet.fea6d0222.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): daf98e0c0d45cb1db158d09bd07e4959 2c28a0c557fb1cf89267d49d2d5ff2a958f896c9 e3f1319aa5c6feb25f6b42156eda20d784b7a7fa6ed97488292a7f5e23b44ab4
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /img/tvbet.fea6d0222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-24ca"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6743
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1cbf557131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif | 104.21.75.209 | 200 OK | 7.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif
IP: 104.21.75.209:443
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash (MD5 / SHA-1 / SHA-256): a301711d2f250aac2cf9a7b842d5639e f64334b263231df3e7505d31d155e4277e8337db c44c30f8bb76dda1f98ed40d6aa5eb9e0b906618ba0ef88033c315b926d51668
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 7665
cache-control: public, max-age=31536000
content-disposition: inline; filename="a2d833f8-b8d6-4fb7-8063-08501557df20.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZmQ1ZTBlLTRmM2ViIg"
x-request-id: BJABdYmHfcvdKcjvabDcx
cf-cache-status: HIT
age: 340210
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VmZXP7HWdo3kBfsah%2BlGFYfIgNQXbR1X2BFQdLFbp1%2BZHdkvmlp%2BpQz3BYNlvzsJC5K6vbB8OsXtiA4DN38Q6ZOUszq0LXlj2FzihUEYh3syOShuCD%2Fy1bhCskinuLr0FYjYnnb9alc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1d5b5d56a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/31310.c605a9b9f.js | 154.197.121.128 | 200 OK | 528 B |
URL: GET HTTP/2 1win-cdn.com/js/31310.c605a9b9f.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (546), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 819ea0d23f76434d7cf7bdad5c0dc71f 06f5a3c6cd80db3f5850633d2f868f55e7e92447 3fc29ff364ab40aadf6f25a1d6423b9d333cfecf786e3cfcc04175850357eedb
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /js/31310.c605a9b9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-210"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 343052
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af112ed27131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/icons-pack-social.4455053b1.js | 154.197.121.128 | 200 OK | 26 kB |
URL: GET HTTP/2 1win-cdn.com/js/icons-pack-social.4455053b1.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (25529), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 1b14185591d9bcf20bd451f8e80432b5 b234f9245842f8270f24b137798dab716dca4f96 8fe516d4373eef98060bd7bd9a38c40915c5628bd90429ee567feeb3ff5e3bcb
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-social.4455053b1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 14:53:09 GMT
etag: W/"66291cd5-63b9"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 335862
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1288ea7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/100hp%20gaming.8352a77d8.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/100hp%20gaming.8352a77d8.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 4ed7fa45e0933ca6d981ea7fdd5e86ad 9da697d8f40394da2cc17c0c82e73cb1130023d3 619d6f72aec387dbde0c96adf91a96436c6c496d67a67841a4058fda6283210d
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /img/100hp%20gaming.8352a77d8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-935"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1980
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af18b9d17131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/yggdrasil.a6bc350dc.svg | 154.197.121.128 | 200 OK | 5.8 kB |
URL GET HTTP/21win-cdn.com/img/yggdrasil.a6bc350dc.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash1156d7b0c16ee989276ab38995b5e316 2efca22c943534eec487d1441efc9c1280c0ce62 05a95300234033b2ad7ffbf88873540ae90bfb3b849dc207666d8deed966d24d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/yggdrasil.a6bc350dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1697"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3165
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1ccf937131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cq9.5d5072e17.svg | 154.197.121.128 | 200 OK | 4.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/cq9.5d5072e17.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 47469c2cd9d79b1305e3e02f76d0dc24 d63ca4b97bbdd2533e5c1ac86bacd621a4150410 cbdced2050313c54915ec2417995b7de59675fffbbedf861202570a6e4ad5536
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /img/cq9.5d5072e17.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-120b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1a0b827131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/playson.2ff1c7d85.svg | 154.197.121.128 | 200 OK | 2.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/playson.2ff1c7d85.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 241ae7d1512148f38162202a1838bcf7, SHA-1 7937917d26b57052c052b0cce94f5d1697c8caa7, SHA-256 a6bbee3377db6138a13bd0bd2bc21f778d1f5744a38653efe4acb48d8078367e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/playson.2ff1c7d85.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-ae5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1bbde27131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/flags/ru.svg | 154.197.121.128 | 200 OK | 272 B |
URL: GET HTTP/2 1win-cdn.com/img/flags/ru.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 1e2eacb55168e45f6bbdbfc284e0b55b, SHA-1 0de213a0e24d44e6224f44df56a5f8abc494a6bb, SHA-256 a753be656b537e9622f95996dd87e012d7e9daa74511a6465dea7023782d6dc7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/flags/ru.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-110"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1264
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1f8b4a7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/rubyplay.b4553f39e.svg | 154.197.121.128 | 200 OK | 7.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/rubyplay.b4553f39e.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 3858ea5c6be5319073b0453eac475c1b, SHA-1 72be49666df66401b531cfe9658ae2b64f897b0b, SHA-256 fb96a6365440b705da9c72c59a869499f4872ed922243f9d248536974a860980
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/rubyplay.b4553f39e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1d85"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1437
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1c2e827131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png | 154.197.121.128 | 200 OK | 5.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 120 x 97, 8-bit colormap, non-interlaced
Hashes: MD5 911fa68d94dd3f2bc8ceff2671e87bdd, SHA-1 9bca43449cf32e95c62291a802cad6e6c4493025, SHA-256 9d652f09af7a4abeaa6cd6a77f32598dd33e3b7b8a55c032409cd2ecacd11db7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/free-money-link-image.1ada0c9e1-120.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/png
content-length: 5274
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6354
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-18d2"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
age: 4931
expires: Sat, 04 May 2024 19:56:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1319c97131-OSL
X-Firefox-Spdy: h2
| www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 204 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c
IP: 142.250.74.168:443
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (1822)
Size: 204 kB (203495 bytes)
Hashes: MD5 9aed689731ecb83ba813a4899ebefe93, SHA-1 26c833d109698765327724f696a0fa9577101b55, SHA-256 bf15b17cca9a402bdd5559058f236fca5ecbeb1e2a4cd97f3fd8358e93ccbc89
GET /gtag/destination?id=DC-12688802&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 15:56:59 GMT
expires: Sat, 04 May 2024 15:56:59 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 May 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73918
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| 1win-cdn.com/img/bf%20games.7559aed26.svg | 154.197.121.128 | 200 OK | 5.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/bf%20games.7559aed26.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 b94bb2811096b861bfbf8fbcd4de9149, SHA-1 17418a385bb399e79588ba1f6d3ee661c40197c5, SHA-256 c1f44795037017c6bfdb6b4e563a6c9323468cc8df433cfd871784dcf55472f1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/bf%20games.7559aed26.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1382"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1436
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af19db497131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/evolution.acb5f3085.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/evolution.acb5f3085.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 a27852d0f8f77af9c6a274605b932984, SHA-1 415500832c34ac475d87411fa799dead414701b4, SHA-256 c162d16756ed886b03e4195178b00ea6d54baa3e71ce40f0dd46f3ebb3643e39
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/evolution.acb5f3085.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-9da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 43
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1a3bcc7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/reelplay.06dc7f4c0.svg | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/img/reelplay.06dc7f4c0.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 b322085b94eec118c20d5acba9ea8465, SHA-1 616f9440231bd629e6d2b6aea1d1baac51386151, SHA-256 542c8ac685d4bf37c20fe8c1b758db347c1300495f467ee0cf4d335239c42b26
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/reelplay.06dc7f4c0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-60b9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4931
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1bfe337131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js | 154.197.121.128 | 200 OK | 121 kB |
URL: GET HTTP/2 1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 121 kB (121043 bytes)
Hashes: MD5 3db61399d0d4c57b17b5a337d59e3f0e, SHA-1 9312e9b832f7c0cc755c7c8b867986babdac8628, SHA-256 876516cc68bca8bef6cc55a91e8f13c040dfd4d63be038326fcc515eb22ad026
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-payment-full.c748a9e6d.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1d8d3"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 340188
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af12a9297131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif | 104.21.75.209 | 200 OK | 7.4 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif
IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes: MD5 7d78a951d170034c2ce027bf5ea6c69f, SHA-1 56ffbce11b718eceeb70ad7ac12f28f44f3c8b93, SHA-256 8edab6a41bf81d3abcef43bc57b4c446cd3c493af6eb231409f7b0ecaaf56dfd
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 7441
cache-control: public, max-age=31536000
content-disposition: inline; filename="816dc231-c8b7-4ffb-bae9-d78caff7e923.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjNhOTQ4LTI4YTY3Ig"
x-request-id: DqTBFz-huGT-LFs2ZsACa
cf-cache-status: HIT
age: 329439
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EM%2FX3fhRheuLCk35N82163xvRse35B%2FRb3ydBRnGKXCEzUj1r6paKJ7aB7fcaeMjwvtZtq50xwHQYowwI6mcUC%2FQVORsXFDPfdM1NFID7e0xwRotqGXXyp%2FnefrJVAiy6NzHbe9uoWE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1d4b3856a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
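The dump is a flat list of transactions: a summary row, then the request headers, then the response headers. The following added example (my own code, not from the page or from the sandbox that produced it) parses that layout and runs a few triage rules over it: a cookie sent on a cross-site request (the `__cf_bm` cookie goes to 1win-cdn.com from a 1wnurc.com page), a third-party script, an imgproxy `/unsafe/` path, and the `access-control-allow-origin: *` plus `access-control-allow-credentials: true` pair that googletagmanager.com returns. The sample input is three transactions copied from this page, cut down to the headers the rules need; the certificate, hash and verdict lines are not parsed.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: three transactions copied from the capture above, reduced to the
# summary row plus the request/response header lines the triage rules need.
SAMPLE_DUMP = """\
| 1win-cdn.com/img/cq9.5d5072e17.svg | 154.197.121.128 | 200 OK | 4.6 kB |
GET /img/cq9.5d5072e17.svg HTTP/1.1
Host: 1win-cdn.com
Referer: https://1wnurc.com/
Cookie: __cf_bm=<value omitted>
Sec-Fetch-Dest: image
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
access-control-allow-origin: *
cf-cache-status: HIT
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif | 104.21.75.209 | 200 OK | 7.4 kB |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
Referer: https://1wnurc.com/
Cookie: __cf_bm=<value omitted>
Sec-Fetch-Dest: image
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/avif
content-security-policy: script-src 'none'
| www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 204 kB |
GET /gtag/destination?id=DC-12688802&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
Referer: https://1wnurc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Site: cross-site
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
"""

ROW_RE = re.compile(r"^\|\s*(?P<url>\S+)\s*\|\s*(?P<ip>[\d.]+)\s*\|\s*(?P<status>[^|]+?)\s*\|\s*(?P<size>[^|]+?)\s*\|\s*$")
REQUEST_LINE_RE = re.compile(r"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) (\S+) HTTP/[\d.]+$")
STATUS_LINE_RE = re.compile(r"^HTTP/[\d.]+ (\d{3})")
HEADER_RE = re.compile(r"^([A-Za-z0-9-]+):\s*(.*)$")


@dataclass
class Transaction:
    url: str
    ip: str
    status: str
    size: str
    method: str = ""
    path: str = ""
    req: dict = field(default_factory=dict)   # request headers, lower-cased names
    resp: dict = field(default_factory=dict)  # response headers, lower-cased names


def parse_dump(text: str) -> list:
    """Split the dump into transactions; header lines before the status line belong to the request."""
    txns, cur, in_response = [], None, False
    for line in text.splitlines():
        row = ROW_RE.match(line)
        if row:
            cur = Transaction(row["url"], row["ip"], row["status"], row["size"])
            txns.append(cur)
            in_response = False
            continue
        if cur is None:
            continue
        if STATUS_LINE_RE.match(line):
            in_response = True
            continue
        req_line = REQUEST_LINE_RE.match(line)
        if req_line and not in_response:
            cur.method, cur.path = req_line.group(1), req_line.group(2)
            continue
        hdr = HEADER_RE.match(line)
        if hdr:
            (cur.resp if in_response else cur.req)[hdr.group(1).lower()] = hdr.group(2).strip()
    return txns


def triage(txns: list) -> list:
    """Apply the review rules; returns (url, finding) pairs."""
    findings = []
    for t in txns:
        cross_site = t.req.get("sec-fetch-site") == "cross-site"
        if cross_site and "cookie" in t.req:
            findings.append((t.url, "cookie sent on a cross-site request: it must be SameSite=None; Secure, "
                                    "so it rides along from any site that embeds this host"))
        if cross_site and t.req.get("sec-fetch-dest") == "script":
            findings.append((t.url, "third-party script runs in the embedding page's origin: review against CSP script-src / SRI"))
        if t.path.startswith("/unsafe/"):
            findings.append((t.url, "imgproxy 'unsafe' URL: the processing path is unsigned, so any caller can choose source URL and options"))
        acao = t.resp.get("access-control-allow-origin")
        if acao == "*" and t.resp.get("access-control-allow-credentials", "").lower() == "true":
            findings.append((t.url, "ACAO '*' with ACAC 'true': browsers reject this pair for credentialed requests, so one of them is dead configuration"))
    return findings


def indicators(txns: list) -> dict:
    """Unique hosts and IPs, the minimum a blocklist or retro-hunt query needs."""
    hosts = {t.req.get("host") or t.url.split("/", 1)[0] for t in txns}
    return {"hosts": sorted(hosts), "ips": sorted({t.ip for t in txns})}


if __name__ == "__main__":
    parsed = parse_dump(SAMPLE_DUMP)
    for url, finding in triage(parsed):
        print(f"{url}\n    {finding}")
    print(indicators(parsed))
```

To run it over the whole page, paste the transaction list into `SAMPLE_DUMP` or read it from a file; lines that are not a summary row, a request line, a status line or a `Name: value` header are ignored, which is what keeps the fused metadata lines from being mistaken for headers.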
| 1win-cdn.com/js/38209.ce0dbb534.js | 154.197.121.128 | 200 OK | 1.3 kB |
URL: GET HTTP/2 1win-cdn.com/js/38209.ce0dbb534.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1359), with no line terminators (libmagic guess for minified JavaScript; served as application/javascript)
Hashes: MD5 8cac0a300131504f4cdf9de98e24c2bc, SHA-1 c76c49c15203750221970fefea15fe0352bb9978, SHA-256 a213d9451b50ae86bd8e75883092b22dedfcdc6ae2e26f5dd9c7de3d8957c16d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/38209.ce0dbb534.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-51f"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 330206
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af10de6f7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/28852.501b5fba6.js | 154.197.121.128 | 200 OK | 906 B |
URL: GET HTTP/2 1win-cdn.com/js/28852.501b5fba6.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (924), with no line terminators (libmagic guess for minified JavaScript; served as application/javascript)
Hashes: MD5 f97751384d582a6e650b35ebe9d32479, SHA-1 e545afff49a2a354c28392833508fd88ebaa4875, SHA-256 1df0101a9f183c7133c49e126c64e4820760e5ab7d99895d0ee7e6d514810b9b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/28852.501b5fba6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38a"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 335862
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af110ebb7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/86359.48c462178.js | 154.197.121.128 | 200 OK | 634 B |
URL: GET HTTP/2 1win-cdn.com/js/86359.48c462178.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (654), with no line terminators (libmagic guess for minified JavaScript; served as application/javascript)
Hashes: MD5 33a83c5ac34b557d3037a52c8dead1fe, SHA-1 6bd3202d3720d8c86a84a63f1975b5d53d044ef9, SHA-256 7eb34e53490cdfe14b7d40ae44b2bf4e92d10e204114c1bf5352f6a66c587b8b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/86359.48c462178.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27a"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 329440
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af10ee827131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/apparat.f7a706d8e.svg | 154.197.121.128 | 200 OK | 387 B |
URL: GET HTTP/2 1win-cdn.com/img/apparat.f7a706d8e.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 c263fae5892b9bdd3fa5e761a8aeb723, SHA-1 4646d9080fe51e04962c1f2dabf13119c6d71a41, SHA-256 2a333baf6e1f1e4d92fa73faae466563009d96e860c1423519b890b68153b70d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/apparat.f7a706d8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-183"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af19ab007131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/wazdan.1cf2cebcc.svg | 154.197.121.128 | 200 OK | 2.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/wazdan.1cf2cebcc.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 f19410782a9e906c5987a9ec3dec0a8e, SHA-1 9df4dc8c8b7defde41a5caea964099dd1c882245, SHA-256 728bdcd00db7137c2e314ddf1f2dbe368b5a66d31ff5ccf0ca8e8ba83e3da5c9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/wazdan.1cf2cebcc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-7bd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3165
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1ccf757131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/9d7c96cf-66aa-4580-9563-baa3f940db93.jpg@avif | 104.21.75.209 | 200 OK | 9.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/9d7c96cf-66aa-4580-9563-baa3f940db93.jpg@avif
IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes: MD5 26af576690cab574a1d969032fdc5f16, SHA-1 8f279f854c9eaaf667d3a0c92c5a5276f9f01cd4, SHA-256 2a0d9e95e9d3526457ba6469ad12b84828057965145caee52dec0388ab28a614
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/9d7c96cf-66aa-4580-9563-baa3f940db93.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 9892
cache-control: public, max-age=31536000
content-disposition: inline; filename="9d7c96cf-66aa-4580-9563-baa3f940db93.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1MWQyN2EzLTIzOTk3Ig"
x-request-id: oLIa4BJLqwG1HB5BEqpqM
cf-cache-status: HIT
age: 335905
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P1MEBEZDL01PxUwadtExw%2BErcMLbZ3%2BFr2XZkuM6SJ0g8UzJfnixYEMqp7YKQ%2B%2B%2FRGTbr01r62GjEAvG9eb1wlOWqsaOh%2FhAIUAb17U0zSSUWSM1hHQMex6zyqUeehT4NUzZ4klL4AQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1d6b7056a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
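Both imgproxy.1win-cdn.com requests on this page use the literal `unsafe` segment where imgproxy expects a URL signature, and imgproxy honours that only when URL signing is not configured or is explicitly allowed; an unsigned processing URL lets any caller pick the source URL and the processing options, so the proxy becomes an open fetcher for whatever it can reach. The example below is my own code, not imgproxy's and not anything from 1win-cdn.com: it implements imgproxy's documented signing scheme (HMAC-SHA256 over salt + path, URL-safe base64 without padding, optionally truncated to IMGPROXY_SIGNATURE_SIZE bytes) with a made-up key and salt, signs the captured path, and shows the server-side verification together with the second control that matters even for signed URLs, a source-host allow-list (IMGPROXY_ALLOWED_SOURCES). Only `/plain/` source URLs are handled; imgproxy's base64-encoded source form is left out.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlparse

# Hypothetical key and salt for the example. imgproxy reads IMGPROXY_KEY and IMGPROXY_SALT
# as hex strings; the real ones behind imgproxy.1win-cdn.com are not on the page.
KEY_HEX = "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
SALT_HEX = "ffeeddccbbaa99887766554433221100ffeeddccbbaa99887766554433221100"
SIGNATURE_SIZE = 32  # IMGPROXY_SIGNATURE_SIZE: bytes of the HMAC kept; 32 keeps the whole digest

# Request path copied from the capture above: the first segment is the literal 'unsafe'.
CAPTURED_PATH = ("/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/"
                 "spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif")


def sign_path(path: str, key_hex: str = KEY_HEX, salt_hex: str = SALT_HEX, size: int = SIGNATURE_SIZE) -> str:
    """imgproxy signature: unpadded urlsafe-base64 of HMAC-SHA256(key, salt || path), where
    path is everything after the signature segment, leading slash included."""
    mac = hmac.new(bytes.fromhex(key_hex), bytes.fromhex(salt_hex) + path.encode("utf-8"), hashlib.sha256)
    return base64.urlsafe_b64encode(mac.digest()[:size]).rstrip(b"=").decode("ascii")


def signed_request_path(path: str, **kw) -> str:
    """Build '/<signature>/<processing options>/<source>' for a processing path."""
    return "/" + sign_path(path, **kw) + path


def source_host(path: str):
    """Host of the source URL in a '/plain/<url>[@format]' path (base64 sources not handled here)."""
    marker = "/plain/"
    idx = path.find(marker)
    if idx < 0:
        return None
    source = path[idx + len(marker):]
    if "@" in source.rsplit("/", 1)[-1]:  # '@avif' picks the output format; not part of the URL
        source = source.rsplit("@", 1)[0]
    return urlparse(source).hostname


def verify_request_path(url_path: str, key_hex: str = KEY_HEX, salt_hex: str = SALT_HEX,
                        allow_unsafe: bool = False, allowed_sources=None) -> tuple:
    """Server-side check; returns (accepted, reason).

    allow_unsafe mirrors IMGPROXY_ALLOW_UNSAFE_URL. allowed_sources mirrors IMGPROXY_ALLOWED_SOURCES:
    a valid signature only proves who built the URL, not that the source is a safe place to fetch from.
    """
    if not url_path.startswith("/"):
        return False, "path must start with '/'"
    signature, sep, rest = url_path[1:].partition("/")
    if not sep:
        return False, "missing processing path"
    path = "/" + rest
    if signature == "unsafe":
        if not allow_unsafe:
            return False, "unsigned ('unsafe') URL rejected"
    elif not hmac.compare_digest(sign_path(path, key_hex, salt_hex).encode(), signature.encode()):
        return False, "signature mismatch"
    if allowed_sources is not None:
        host = source_host(path)
        if host not in allowed_sources:
            return False, f"source host {host!r} is not allowed"
    return True, "accepted"


if __name__ == "__main__":
    print(verify_request_path(CAPTURED_PATH))
    inner = CAPTURED_PATH[len("/unsafe"):]
    signed = signed_request_path(inner)
    print(signed)
    print(verify_request_path(signed, allowed_sources={"1win-cdn.com"}))
    tampered = signed.replace("https://1win-cdn.com/", "http://169.254.169.254/")
    print(verify_request_path(tampered))
```

The tampered URL fails on the signature; a URL that the key holder signs for an internal host is caught only by the allow-list, which is why both controls belong in an imgproxy deployment.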
| 1win.direct/v4/socket.io/?Language=en&xorigin=1wnurc.com&EIO=4&transport=websocket | 134.122.54.186 | 101 Switching Protocols | 0 B |
URL: GET HTTP/1.1 1win.direct/v4/socket.io/?Language=en&xorigin=1wnurc.com&EIO=4&transport=websocket
IP: 134.122.54.186:443 (ASN #14061 DIGITALOCEAN-ASN)
Certificate: Issuer Let's Encrypt; Subject *.1win.direct; Fingerprint 52:A8:ED:F5:F8:3D:CF:F0:55:C1:2A:96:EA:32:49:27:6C:D8:26:27; Validity Sun, 17 Mar 2024 06:46:18 GMT - Sat, 15 Jun 2024 06:46:17 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of an empty input: the 101 response carries no body)
GET /v4/socket.io/?Language=en&xorigin=1wnurc.com&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wnurc.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wkpTw5UCFcq2S5TKOXnMNA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: 7a2QFQJVfTe/1N3GwuzRQ4+sH0M=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=1727b18126aa5ee2; Path=/; HttpOnly
Upgrade: websocket
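The 101 exchange above is a complete RFC 6455 opening handshake: Firefox sends a 16-byte random key in Sec-WebSocket-Key, and 1win.direct answers with Sec-WebSocket-Accept = base64(SHA-1(key + the fixed GUID)). The added example below (my own code, not the page's and not socket.io's) recomputes that value from the captured key so the response can be checked, and shows the server-side checks that matter, above all the Origin allow-list: browsers do not apply the same-origin policy to WebSocket connections, so the `Origin: https://1wnurc.com` that 1win.direct accepted is the only thing deciding which third-party pages may open this socket with the user's cookies. The allow-list here is hypothetical; what 1win.direct actually allows is not on the page. Note also that the `core-sticky` cookie set in the 101 response carries HttpOnly but neither Secure nor SameSite.

```python
import base64
import hashlib
import hmac

# Fixed GUID from RFC 6455 section 1.3; the server appends it to the client key.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

# Values copied from the 1win.direct handshake captured above.
CAPTURED_KEY = "wkpTw5UCFcq2S5TKOXnMNA=="
CAPTURED_ACCEPT = "7a2QFQJVfTe/1N3GwuzRQ4+sH0M="
CAPTURED_ORIGIN = "https://1wnurc.com"

# Hypothetical Origin allow-list for the example; the real policy on 1win.direct is unknown.
ALLOWED_ORIGINS = {"https://1wnurc.com", "https://1win.direct"}


def expected_accept(sec_websocket_key: str) -> str:
    """Sec-WebSocket-Accept = base64(SHA-1(key || GUID)), RFC 6455 section 4.2.2."""
    digest = hashlib.sha1((sec_websocket_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def valid_client_key(sec_websocket_key: str) -> bool:
    """RFC 6455 requires the key to be the base64 encoding of exactly 16 random bytes."""
    try:
        raw = base64.b64decode(sec_websocket_key, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return len(raw) == 16


def verify_accept(sec_websocket_key: str, sec_websocket_accept: str) -> bool:
    """Client side: confirm the 101 response answers our key (constant-time compare)."""
    return hmac.compare_digest(expected_accept(sec_websocket_key).encode(), sec_websocket_accept.encode())


def server_handshake(headers: dict, allowed_origins=ALLOWED_ORIGINS) -> tuple:
    """Server side: validate the upgrade request and build the 101 response headers.

    Returns (status, response_headers). The Origin check is the important part: browsers
    do not enforce the same-origin policy on WebSocket, so without it any site could open
    a socket to this endpoint and the browser would attach the user's cookies.
    """
    h = {k.lower(): v for k, v in headers.items()}
    connection_tokens = {t.strip().lower() for t in h.get("connection", "").split(",")}
    if h.get("upgrade", "").lower() != "websocket" or "upgrade" not in connection_tokens:
        return 400, {}
    if h.get("sec-websocket-version") != "13":
        return 426, {"Sec-WebSocket-Version": "13"}
    if h.get("origin") not in allowed_origins:
        return 403, {}
    key = h.get("sec-websocket-key", "")
    if not valid_client_key(key):
        return 400, {}
    return 101, {
        "Upgrade": "websocket",
        "Connection": "Upgrade",
        "Sec-WebSocket-Accept": expected_accept(key),
    }


if __name__ == "__main__":
    print("computed accept :", expected_accept(CAPTURED_KEY))
    print("matches capture :", verify_accept(CAPTURED_KEY, CAPTURED_ACCEPT))
    status, resp = server_handshake({
        "Connection": "keep-alive, Upgrade",
        "Upgrade": "websocket",
        "Sec-WebSocket-Version": "13",
        "Sec-WebSocket-Key": CAPTURED_KEY,
        "Origin": CAPTURED_ORIGIN,
    })
    print(status, resp)
```

Running it prints the accept value computed from the captured key next to the one 1win.direct returned; the RFC's own worked vector (key `dGhlIHNhbXBsZSBub25jZQ==`, accept `s3pPLMBiTxaQ9kYGzzhZRbK+xOo=`) is the quickest way to confirm the function itself.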
| 1win-cdn.com/js/35967.a72ac7974.js | 154.197.121.128 | 200 OK | 958 B |
URL: GET HTTP/2 1win-cdn.com/js/35967.a72ac7974.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (986), with no line terminators (libmagic guess for minified JavaScript; served as application/javascript)
Hashes: MD5 f101f5dc77f24d2d3912e2c93bc1edc4, SHA-1 49f1e57d6778aad6b5a46d2cfb37ca3211dc6374, SHA-256 ca67bce590a2a7f3283eb1c50196d936b87658532ef3ac5485ba1459ad1577f8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/35967.a72ac7974.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3be"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 330205
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af12689d7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/20420.30b3c996e.js | 154.197.121.128 | 200 OK | 573 B |
URL: GET HTTP/2 1win-cdn.com/js/20420.30b3c996e.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (591), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 41330d1d45db0c752d96abc28dbb0644 3e716caf3e130d706d19fff163b8fda8b91574eb fbcbcecc2dd56e59b3e7ae495a64eafdbee9d493cd3b86ba0ebe14f75e031dc0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/20420.30b3c996e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-23d"
expires: Tue, 02 May 2034 15:56:59 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 343451
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af19db3e7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/elk.c0f58697d.svg | 154.197.121.128 | 200 OK | 983 B |
URL: GET HTTP/2 1win-cdn.com/img/elk.c0f58697d.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 58995520e7430cd69b54d08c244aacc1 3db7918420563842879038fd5b4ba2050458ddeb 5110cb34328fe32430f0ef1a8a85709a1245aa2df8d876656a6dd74c8ed5accb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/elk.c0f58697d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-3d7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1a1ba37131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif | 104.21.75.209 | 200 OK | 7.5 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif
IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash (MD5 / SHA-1 / SHA-256): 91cb93c7b3bcfdaf5be22dd889c68647 20c0af4b44bfe11283e15f237fa8c762a10d4711 c8a4e944374127623a31b75cec94c6b6d3509cb961f03169774cd8d725b0cb4a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 7460
cache-control: public, max-age=31536000
content-disposition: inline; filename="728d6758-6f50-4b1b-8132-2430ff7e0aa6.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0NzQ2ZGJmLWRhZDki"
x-request-id: nlnrqp76oKsPxZfPgQlZm
cf-cache-status: HIT
age: 329439
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LyZJUuA%2FnJPmEO8rTGxLGmUjhIZTxEeWy6Tkyt9wYwu2sivG46UwoAhmjKTn7k0Mpqv3yhVxfsVXdNyofnjfbtiZY19Lv5Zn3ZZ6atV1d2DwYvLYUNlw7tUw639SrVYRmQ4WPDtMsOU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1fae9356a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/img/spinomenal.e0cf93b3a.svg | 154.197.121.128 | 200 OK | 2.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/spinomenal.e0cf93b3a.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): cccb25968af8377b09aaabb6aac79736 84938c2eeb2043bd681550b012601b0b0a2395b0 59b22e2b3007555e659e3a56f1c622f3635e7e0a7f284ce7b9a56dfe5fde9e9d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/spinomenal.e0cf93b3a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-8d0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4059
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1839037131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/91635.a2db5f817.js | 154.197.121.128 | 200 OK | 748 B |
URL: GET HTTP/2 1win-cdn.com/js/91635.a2db5f817.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (766), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 74c5864ef446bbb00f9e7e1b39eff8f9 04696352def160b6c3536b2b11c4351f02f49780 348cacf24053c417315aaf1dd971cf88c758964beeb37725c7f683b90bb5e7d2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/91635.a2db5f817.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2ec"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 334559
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af10be587131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/css/index.fd224ee8e.css | 154.197.121.128 | 200 OK | 6.2 kB |
URL: GET HTTP/2 1win-cdn.com/css/index.fd224ee8e.css
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: ASCII text, with very long lines (6186), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): c218042c31114bc4c7a311d8b19cb43e c6e84556a091c219daf13d98091e46a6623b7b5d d9600b9cedc5ef763fc5d021974dede1a25f1449d2b42d496044932ed716edf5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/index.fd224ee8e.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:57 GMT
content-type: text/css
last-modified: Thu, 04 Apr 2024 11:31:45 GMT
etag: W/"660e8fa1-1823"
expires: Tue, 02 May 2034 15:56:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 343452
set-cookie: __cf_bm=LaQT6T5JKkM8FQ5hBb7uZzVlNDIY_fmUhJOIqx8_ugs-1714838217-1.0.1.1-n2a885u3cKQskJ9MQbJyVy_AiNA_8FM8YKS.MnSqcrxb.pbTgoDjbnlbQW2iTpn2g6Cge6qDV06hgUW5_0Mj2g; path=/; expires=Sat, 04-May-24 16:26:57 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af08aa9c7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/90206.5caf53dc9.js | 154.197.121.128 | 200 OK | 12 kB |
URL: GET HTTP/2 1win-cdn.com/js/90206.5caf53dc9.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/90206.5caf53dc9.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-2d08"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 330270
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af0fccda7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp | 154.197.121.128 | 200 OK | 40 kB |
URL: GET HTTP/2 1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5 / SHA-1 / SHA-256): 14de8fd7c8de24bb9f6f89ddd3c2d480 9635193c712dafa2c58339dee09588880a96a980 633593c73a175eabb2a5716a04aa84b1b49fc8e4ac4687b07509db36350076b7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/500_i18_bg.0e037ee17-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/webp
content-length: 39614
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: "663503d2-9abe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af171f887131-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg | 154.197.121.128 | 200 OK | 3.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): ced188fd368f5c8439ebd4398c9c9315 3b04cd5dfecda2e4b27b203dba4a6cef1b7890ea 82811dea95287317cc83610df97a7bc61db4783bd43ef75c8131c497f7868ef6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/aviator-game-logo.2fb50dc03.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-bfa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1979
expires: Sat, 04 May 2024 19:56:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af116f387131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/amatic.1ad22f1f0.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/amatic.1ad22f1f0.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): beaad3ec246cc02d25e05017a1e1739a 391c594a7f9ff5db52bfbd1c41e6577e6ac49dc7 184333dfcbe0cc2997b77991da69552dd91fe8d480186f8a8b76187e11e00a84
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/amatic.1ad22f1f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-400"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af190a3e7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/truelab.ec113fba7.svg | 154.197.121.128 | 200 OK | 2.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/truelab.ec113fba7.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): edd84be1aaadcb0b503864bea380f168 af4583fc1079d7d5e07cc6ca22b56f9eeaab7418 d73eced8792c2507b075c7a7a313f1e228700fda1108d4ab44d707b36b241e06
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/truelab.ec113fba7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-7b0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1caf4b7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| region1.analytics.google.com/g/collect?v=2&tid=G-EF3MMFMF5C&gtm=45je4510v9138807182za200&_p=1714838216638&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=996508554.1714838217&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714838216&sct=1&seg=0&dl=https%3A%2F%2Fv8.furxcrw.com%2Findex.html%3Fv8.3&dr=https%3A%2F%2Fdtwlukf.com%2F&dt=Redict-V8&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1469 | 216.239.32.36 | 204 No Content | 0 B |
URL: POST HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-EF3MMFMF5C&gtm=45je4510v9138807182za200&_p=1714838216638&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=996508554.1714838217&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714838216&sct=1&seg=0&dl=https%3A%2F%2Fv8.furxcrw.com%2Findex.html%3Fv8.3&dr=https%3A%2F%2Fdtwlukf.com%2F&dt=Redict-V8&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1469
IP: 216.239.32.36:443
Requested by: https://v8.furxcrw.com/index.html?v8.3
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-EF3MMFMF5C&gtm=45je4510v9138807182za200&_p=1714838216638&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=996508554.1714838217&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714838216&sct=1&seg=0&dl=https%3A%2F%2Fv8.furxcrw.com%2Findex.html%3Fv8.3&dr=https%3A%2F%2Fdtwlukf.com%2F&dt=Redict-V8&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1469 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://v8.furxcrw.com
DNT: 1
Connection: keep-alive
Referer: https://v8.furxcrw.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://v8.furxcrw.com
date: Sat, 04 May 2024 15:56:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 253 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c
IP: 142.250.74.168:443
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (4179)
Size: 253 kB (252770 bytes)
Hash (MD5 / SHA-1 / SHA-256): dd30d5630dc35a1b04f410a218c95f14 23f8d97e544b75232868b1ee87b34ac46c63a634 e8f68791fcdda026499229db5b617189579eab0348d828bace8db1580478188f
GET /gtag/js?id=AW-16482547739&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 15:56:59 GMT
expires: Sat, 04 May 2024 15:56:59 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 May 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87447
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| 1win-cdn.com/img/7mojos%20live.cb6749a25.svg | 154.197.121.128 | 200 OK | 6.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/7mojos%20live.cb6749a25.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 63dcbe9ebaa3f238a8c0152142b06a03 cac36df8800a2f72b9b51f9eeffd74e82be4ae7e c22e31035811334913ddbd32cfc1881c38c08fdd4d4b4c1c5362ecb6ee23a316
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/7mojos%20live.cb6749a25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-19ef"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af18fa247131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif | 104.21.75.209 | 200 OK | 3.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif
IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash (MD5 / SHA-1 / SHA-256): b521bef6762ffadc98bae1073bc51102 d954bae917b2dbe88dd99f4861378026617c0051 5ea36ff6bcb73fe3cb477b259728a597be8b170546984eb824ec3582d1c6e207
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 3320
cache-control: public, max-age=31536000
content-disposition: inline; filename="6c924d76-6964-4196-b545-1cc5c1ce019e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NTIwNWFmLTEwNzYxIg"
x-request-id: xOqcr0pspglCrlGtEnLgs
cf-cache-status: HIT
age: 335905
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y3QK52VF%2B%2F%2FfXQcwLgfQEl6SfLcYfDUBmOZ685AnHpYTuIbXNvPXYhKui8jUmmC%2BIy7eSY1VTM2udEPfAr7aC1uhu%2BicSkoo%2FchaMaq3X27XKf3%2F9B1MjnAwTYvdltG8U3YMdAvb%2FeM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1d4b3d56a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/js/44101.3268a6e79.js | 154.197.121.128 | 200 OK | 33 kB |
URL: GET HTTP/2 1win-cdn.com/js/44101.3268a6e79.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (33049), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 64fb718df447a3a994dcc6f6030b0488 6d312ce281fb912b3ff51e28e46239d55a7b7e8c fa3e3d09282ece932ecf45ea31c7f6bf3fea37d414070c6bcd8c01f466f4c932
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/44101.3268a6e79.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-8119"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 343451
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af0f8c747131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/bet2tech.41863da88.svg | 154.197.121.128 | 200 OK | 1.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/bet2tech.41863da88.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 37036b9327cf2f08f10c828a969255cc 110c9e121e3f79982f785db63213d01a94faf4b0 13efe39819f6ca0b2ae3ceba64c239738536fee39cd1d6a4a142079050975f2a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/bet2tech.41863da88.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-71f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af19cb2f7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/kalamba.6e06f7faa.svg | 154.197.121.128 | 200 OK | 2.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/kalamba.6e06f7faa.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 7c40c808f85699562366c94d8075727c daba803ead149eec52b19b82e57afa940922e3c1 8b130bc8c17d44e469cdaabdb68bf8bd4fd819a3763227a6c5601b28a637b8d1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/kalamba.6e06f7faa.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-a9c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1aeca97131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif | 104.21.75.209 | 200 OK | 9.4 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif (GET, HTTP/2) | IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
MD5 7eb2cba4654091d306b65c6fe0a8f631 | SHA-1 e1a4eecb3f5db01aa2774cf811e3c2cda95f426b | SHA-256 ffd6b30a5e9e4e68ea1f492d19ba67578359d3a390dd90ea295cbc4bd81827d9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 9433
cache-control: public, max-age=31536000
content-disposition: inline; filename="57228a66-bd62-4072-a80c-3bef549a758c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MzY4Mzc0LTI1MTcxIg"
x-request-id: Y_S_l8ymuWqEP5rYiQsvA
cf-cache-status: HIT
age: 344035
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zfTEsAK3qkN9kT3KY%2Bae6HBGNctCy6n4%2FJ0l%2FOhbbo8f9zhu8sznfn%2FRscLl%2F0sttJk6gmpro9O3Ft4RHdtmhkiv8HXK73k%2BEgAF6aa1ISAfJcoJwPKG01qTOl%2FgANE2anXsEjQHtQI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1fbe9f56a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/48357.2867badf5.js | 154.197.121.128 | 200 OK | 9.6 kB |
URL: 1win-cdn.com/js/48357.2867badf5.js (GET, HTTP/2) | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (9833), with no line terminators (a file(1) magic guess that misreads minified JavaScript; the response below is served as application/javascript) | MD5 ac10e417d3205818d44f428fb5946e98 | SHA-1 1e2586b11318351ff352b3155225e2e90617151f | SHA-256 56e1ca7bc3d7559714a27119b6076e3b06a69bc9848518bfac6fac0d55dae24a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/48357.2867badf5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 08:45:03 GMT
etag: W/"6634a40f-256e"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 111096
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af0fbcd07131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api.js | 142.250.74.164 | 200 OK | 850 B |
URL: www.google.com/recaptcha/api.js (GET, HTTP/2) | IP: 142.250.74.164:443
Certificate: Issuer Google Trust Services LLC | Subject www.google.com | Fingerprint C6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99 | Validity Tue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT
File type: JavaScript source, ASCII text, with very long lines (850), with no line terminators | MD5 ee87fd4035a91d937ff13613982b4170 | SHA-1 e897502e3a58c6be2b64da98474f0d405787f5f7 | SHA-256 7649b605b4f35666df5cbcbb03597306d9215f53f61c2a097f085fa39af9859f
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Sat, 04 May 2024 15:56:58 GMT
date: Sat, 04 May 2024 15:56:58 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif | 104.21.75.209 | 200 OK | 5.9 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif (GET, HTTP/2) | IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
MD5 9d19a8ee72d8c48af25fdc64baaa1377 | SHA-1 845b03e70fa87c6cd8025abe3c257117e0d88bb6 | SHA-256 02a25486cea99e7a7cbc3a72ed94b5466705f26440184d1a2f2f5ebff6695ce3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 5859
cache-control: public, max-age=31536000
content-disposition: inline; filename="40223bea-129c-45a9-afed-277cad8ba9a1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDA5OTI1LTMwMWYwIg"
x-request-id: Gtd2gR3NIUujjGjkA0lEY
cf-cache-status: HIT
age: 329439
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DloPrm%2BYZMQXWG0yTx%2BG7jKXbrT8ty3oQHAAUG6Oa%2BR0xyyacc80k2wq3YxOGwdAMvCT%2B9%2FhAkssA%2FIHSgIdLIYtcr2axtzcNIrlN7Ovyylluw0ErtzfScNwztqhqsXY6HDbpWR6SHo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1d4b3f56a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif | 104.21.75.209 | 200 OK | 9.3 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif (GET, HTTP/2) | IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
MD5 19ea6dc62a4b1d3b87a9940660698dd1 | SHA-1 8c3052c6f52d60b40824437d282619e91034db7a | SHA-256 37fdf454398cc9c71d94e939cd12dc958e9380d776cc895395d52fca7ff78308
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 9300
cache-control: public, max-age=31536000
content-disposition: inline; filename="b766d86a-eade-487b-98e3-7c58464e62de.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MTJlYmFlLTMwYjZmIg"
x-request-id: H5JlTxFxiug-gsAN0uQr1
cf-cache-status: HIT
age: 340213
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C9MEuWwwG2zWsl2ZULwdgHam4xvCOM9E%2FFKW2xGkXGEs%2Bexa01ZyDfd92FQe%2FNj%2B0h8D3UsL%2BZfuxMYMeCWiNXShmFzS09nUGQd8%2F8mWweHKihSsW9hPFl%2F%2Fufq7JZv8PF%2BYwULhDAE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1d5b6056a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1win-normal.34748aac6.svg | 154.197.121.128 | 200 OK | 4.6 kB |
URL: 1win-cdn.com/img/1win-normal.34748aac6.svg (GET, HTTP/2) | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | MD5 6a657a7851fa92f791304f1cdb123e9a | SHA-1 ae2def67a366ffe67578bf82e3c47b4f1966e784 | SHA-256 8443e4838f78a5ad2efa628846e3337e1cec32b94cfce323eb25f2e97989a02f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/1win-normal.34748aac6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1221"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4059
expires: Sat, 04 May 2024 19:56:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af114f0b7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/playbro.9ed310f23.svg | 154.197.121.128 | 200 OK | 4.8 kB |
URL: 1win-cdn.com/img/playbro.9ed310f23.svg (GET, HTTP/2) | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | MD5 221b773f0eb73aa28f7617e628f7fc2f | SHA-1 67e3b29f4a951351da5183dd7d6e083fbc991322 | SHA-256 4ad7ef6a7e11897fa2b2830921fe86a3d878866c81c87d159f90732be0d30e9d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/playbro.9ed310f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-12e7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1badd17131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fifa.604717ea7.svg | 154.197.121.128 | 200 OK | 924 B |
URL: 1win-cdn.com/img/fifa.604717ea7.svg (GET, HTTP/2) | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | MD5 27cf15a53b2412f9ed5eed8d31e3e42c | SHA-1 7e36a8980f616c440e2be62e539ea1dbd932f668 | SHA-256 da435f1ef957744b70f4ce88d8463e883b23601054fc39e53c31a80536ec590f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/fifa.604717ea7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-39c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2797
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af160e267131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/netgame.8e28ed366.svg | 154.197.121.128 | 200 OK | 2.9 kB |
URL: 1win-cdn.com/img/netgame.8e28ed366.svg (GET, HTTP/2) | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | MD5 f7a27f15353cbc6d80464cb321e6f7cd | SHA-1 8e9d03da3c5f00a3a228b545cb8759e837059323 | SHA-256 c7829189320f0892562d94639b839e69ab98bc4148e5827a634127bcc2ba9740
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/netgame.8e28ed366.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-b65"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1437
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1b2d037131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| | 190.115.24.78 | 200 OK | 438 kB |
URL: User Request, GET over HTTP/2 (the top-level document, https://1wnurc.com/ per the Host header and certificate below; the summary row above left the URL cell empty) | IP: 190.115.24.78:443
Certificate: Issuer Let's Encrypt | Subject 1wnurc.com | Fingerprint 29:8A:BB:7C:EB:85:87:ED:E9:21:DE:1E:36:30:4D:27:BF:70:F2:01 | Validity Fri, 03 May 2024 09:17:12 GMT - Thu, 01 Aug 2024 09:17:11 GMT
Size: 438 kB (438056 bytes) | MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (all three are the digests of zero bytes: the 438 kB body was never hashed, so these values identify nothing and must not be used as indicators for this page)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 1wnurc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://v8.furxcrw.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=nvZI7ibdzPCQdh23MAo3; Domain=.1wnurc.com; HttpOnly; Path=/; Expires=Sun, 04-May-2025 15:56:56 GMT
date: Sat, 04 May 2024 15:56:56 GMT
content-type: text/html; charset=utf-8
x-request-id: nQBEBzePH0ncii5j
vary: Origin
access-control-allow-origin: *
x-match-domain: 1wnurc.com
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
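The entries above motivate a few checks a responder would run over a dump like this before pivoting on it. The top-level document at 1wnurc.com reports 438 kB transferred but lists d41d8cd9…, da39a3ee… and e3b0c442…, which are the MD5, SHA-1 and SHA-256 of zero bytes, so the body was never hashed. Its X-Frame-Options header uses ALLOW-FROM, an obsolete directive that took a single origin and that current browsers ignore entirely (the list form here was never valid), and no CSP frame-ancestors directive backs it up, so the page remains framable. The imgproxy requests carry /unsafe/ where imgproxy expects a URL signature, meaning signing is disabled on that proxy; whether it can be pointed at arbitrary sources depends on its allowed-sources configuration, which a dump cannot show. And several scripts are loaded cross-site from a host whose resolver verdict is malicious/sinkholed. The script below is an added example, not part of this report or of any sandbox product. It parses the layout used here (entries separated by lone '|' lines, a fused 'Hash' field holding three digests, a flattened 'Analyzer | Verdict | Alert' row, then raw request and response headers) and runs those four checks over a constructed sample in the same layout; the finding tags and wording are the example's own.

```python
# Added triage helper for this report's transaction-dump layout. Example code, not
# part of the report or of any sandbox product; finding tags are this example's own.
import hashlib
import re

ALGS = ("md5", "sha1", "sha256")
HASH_RE = re.compile(r"Hash([0-9a-f]{32}) ([0-9a-f]{40}) ([0-9a-f]{64})")
SIZE_RE = re.compile(r"Size[^(]*\((\d+) bytes\)")
REQ_RE = re.compile(r"^(?:GET|POST|HEAD|OPTIONS|PUT) (\S+) HTTP/")
# Digests of zero bytes: beside a non-zero size they show the body was never hashed.
EMPTY_DIGESTS = {a: hashlib.new(a, b"").hexdigest() for a in ALGS}

def split_entries(text):
    # Entries in the dump are separated by lines holding a lone '|'.
    entries, cur = [], []
    for line in text.splitlines():
        if line.strip() != "|":
            cur.append(line)
        elif cur:
            entries.append(cur)
            cur = []
    return entries + ([cur] if cur else [])

def parse_entry(lines):
    # Hashes, size, analyzer verdict, request path and both header sets of one entry.
    e = {"hashes": None, "size": None, "verdict": {}, "path": None,
         "request": {}, "response": {}}
    section = None
    for line in lines:
        if m := HASH_RE.search(line):
            e["hashes"] = dict(zip(ALGS, m.groups()))
        if m := SIZE_RE.search(line):
            e["size"] = int(m.group(1))
        if line.startswith("Analyzer |"):  # header row and value row flattened together
            cells = [c.strip() for c in line.strip().strip("|").split("|")]
            e["verdict"] = dict(zip(cells[:len(cells) // 2], cells[len(cells) // 2:]))
        elif m := REQ_RE.match(line):
            e["path"], section = m.group(1), "request"
        elif line.startswith("HTTP/"):  # status line opens the response headers
            section = "response"
        elif section and ": " in line:
            name, value = line.split(": ", 1)
            e[section][name.lower()] = value
    return e

def triage(e):
    """Return (tag, explanation) findings for one parsed entry."""
    req, resp, v, out = e["request"], e["response"], e["verdict"], []
    host = req.get("host", "")
    if e["hashes"] == EMPTY_DIGESTS:
        out.append(("empty-hash", f"empty-input digests for a {e['size']}-byte body: not an indicator"))
    if host.startswith("imgproxy.") and (e["path"] or "").startswith("/unsafe/"):
        out.append(("imgproxy-unsafe", "'/unsafe/' stands where the URL signature belongs: signing is off"))
    xfo = resp.get("x-frame-options", "")
    if xfo and xfo.strip().upper() not in ("DENY", "SAMEORIGIN"):
        note = f"X-Frame-Options {xfo[:30]!r} is not DENY/SAMEORIGIN; browsers ignore such values"
        if "frame-ancestors" not in resp.get("content-security-policy", ""):
            note += ", and no CSP frame-ancestors directive backs it up"
        out.append(("xfo-ineffective", note))
    if (req.get("sec-fetch-dest"), req.get("sec-fetch-site"), v.get("Verdict")) == (
            "script", "cross-site", "malicious"):
        out.append(("xsite-script-malicious-host",
                    f"third-party script from {host}; {v.get('Analyzer')} says {v.get('Alert')}"))
    return out

def triage_report(text):
    # Map each entry's 'host/path' to its findings (empty list when clean).
    out = {}
    for e in map(parse_entry, split_entries(text)):
        if e["path"] is not None:
            out[e["request"].get("host", "") + e["path"]] = triage(e)
    return out

# Constructed sample in the report's own layout (not copied from the page).
_REAL = {a: hashlib.new(a, b"constructed sample body").hexdigest() for a in ALGS}
def _h(d): return f"Hash{d['md5']} {d['sha1']} {d['sha256']}"
SAMPLE = f"""Size438 kB (438056 bytes) {_h(EMPTY_DIGESTS)}
GET / HTTP/1.1
Host: 1wnurc.com
HTTP/2 200 OK
x-frame-options: ALLOW-FROM www.1win.run 1win.run, ALLOW-FROM 1win-partner.com
|
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/x.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
HTTP/2 200 OK
|
File typeJavaScript source Size136 kB (136447 bytes) {_h(_REAL)}
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/desktop.84963e685.js HTTP/1.1
Host: 1win-cdn.com
Sec-Fetch-Dest: script
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
|
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
"""
```

Running `triage_report(SAMPLE)` yields two findings for the root document (empty hashes, ineffective X-Frame-Options), one for the imgproxy fetch, one for the cross-site script from the sinkholed host, and none for the control entry. The same function can be pointed at the full report text; entries without a recognisable request line are skipped rather than guessed at.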
| 1win-cdn.com/css/44881.dae54c10d.css | 154.197.121.128 | 200 OK | 31 kB |
URL: 1win-cdn.com/css/44881.dae54c10d.css (GET, HTTP/2) | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: ASCII text, with very long lines (31262) | MD5 042184ca7fa3adf2a29c3de64253e215 | SHA-1 321e3142ce096f24515bf9c5699fda45dcc5e76c | SHA-256 672247ee69b11db439dc0db48c1b8115542d13a4c9c2f23af0a0433b453adc7a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/44881.dae54c10d.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:57 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-7a1f"
expires: Tue, 02 May 2034 15:56:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 330269
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af0b2e4f7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/desktop.84963e685.js | 154.197.121.128 | 200 OK | 136 kB |
URL: 1win-cdn.com/js/desktop.84963e685.js (GET, HTTP/2) | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 136 kB (136447 bytes) | MD5 80b2b92818b5b983234b19158d23bbeb | SHA-1 50deac03e087284a4574848ffd689014ab1b6b51 | SHA-256 d44aea4b2aef0b2c8df7d4ca70287345f4ac39a4f61f8fa5931b2c53253a8c7c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/desktop.84963e685.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-214ff"
expires: Tue, 02 May 2034 15:56:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 85979
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af0b2e557131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/47729.aeb93cc08.css | 154.197.121.128 | 200 OK | 8.6 kB |
URL: 1win-cdn.com/css/47729.aeb93cc08.css (GET, HTTP/2) | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: ASCII text, with very long lines (8604), with no line terminators | MD5 869f5272fe034aeed4673ff39a6a21b8 | SHA-1 3479ef5492e46c2643d5926aca2ae140245cc031 | SHA-256 1fdaca341cccef31f8dab533d2f841f1cddde134cdcc916b1340be3b797ee74a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/47729.aeb93cc08.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-2199"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 329304
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af100d367131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/speed-and-cash.dffacd6c5.svg | 154.197.121.128 | 200 OK | 24 kB |
URL: 1win-cdn.com/img/speed-and-cash.dffacd6c5.svg (GET, HTTP/2) | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | MD5 3c62bcde419e822cfa55d45a05fa112d | SHA-1 77631a7cbc25e1d4567b72cc5b8c4acb43c7eb38 | SHA-256 feb59050cb394075bb3efee348121151a8a214d673e69b1a3b8021e85a46c5f0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/speed-and-cash.dffacd6c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-5bb7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 349
expires: Sat, 04 May 2024 19:56:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af115f2a7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spinmatic.f74cf69af.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL: 1win-cdn.com/img/spinmatic.f74cf69af.svg (GET, HTTP/2) | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | MD5 12c6733c47b71d93b36447dcb999d080 | SHA-1 f6440015ef35215d9009b4f08340145df1f7d9e1 | SHA-256 fb365d3e4d36a26db4aae3e00690d0b35f5289b5e80c371ed687b7239be22f07
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/spinmatic.f74cf69af.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-86d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5517
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1c5ecc7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/68410.d56f51302.css | 154.197.121.128 | 200 OK | 45 kB |
URL: 1win-cdn.com/css/68410.d56f51302.css (GET, HTTP/2) | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: ASCII text, with very long lines (44871) | MD5 e4497915b5678c70601e6434394f6575 | SHA-1 55146388fda855fb7d8710ce9f62ee3b4c420640 | SHA-256 9b9430eac542be7137a39afac89a9e57e69987fe5bf34dbbc475d1c1409eb177
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/68410.d56f51302.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: text/css
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-af48"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 231953
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af0ffd1d7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL: 1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg (GET, HTTP/2) | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | MD5 923ec09a017c369d475682b8b60fe652 | SHA-1 f2a4cf5f06644b65bb3df522652a41a2b09c2aa9 | SHA-256 7dd1302808a915df5f6af1480cd4fc562a8ad77550aa3ec0a32d5663d8d6afc6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/carRaffleDesktopHeaderTicket.1a4740acc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-3ff"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4931
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af161e397131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/evoplay.cfa676ca9.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: 1win-cdn.com/img/evoplay.cfa676ca9.svg (GET, HTTP/2) | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC | Subject 1win-cdn.com | Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | MD5 7b4d8b1998ceae4f1e4defe0e5b322a9 | SHA-1 b60d4fa2033a28349d7920647907368835ab514d | SHA-256 ba06d2a9476e9302fb1576b656f6c522ada52d31d30e9461649e874207ca18bb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/evoplay.cfa676ca9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-a24"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1980
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1a4be37131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/relax.1a68769f8.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/relax.1a68769f8.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 d29d9c49a3e8be4842246e8b658651b1, SHA-1 71129bcf41f71edffe3fb4db0b4ff2faf37bd536, SHA-256 67d8edefc6b96e711c297519bc268d93c477cebc6a6cd0f912bb1567ee2a71eb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/relax.1a68769f8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-57f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6743
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1c0e567131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/ct%20interactive.74b20dbc3.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/ct%20interactive.74b20dbc3.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 e709608dd45ff01d7f75d21bc3534e1e, SHA-1 d45bc1ea2a957ab8113ecf7da9564be00207c6d4, SHA-256 d3909007c8efcbb7e2d3fdabe0dde74063c3efcd76d989f83f6d128b89494b2f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/ct%20interactive.74b20dbc3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-889"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1a0b8e7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/swintt.7c851d380.svg | 154.197.121.128 | 200 OK | 427 B |
URL: GET HTTP/2 1win-cdn.com/img/swintt.7c851d380.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 90e9054f87471fee18244fbfaa5c2434, SHA-1 e4f14ab709714096c57f1e9941c4f28aacdae8f0, SHA-256 b0bec97d4b607d5aafa8a013b13b9cd75579c41d514ddba2caa53070867e95ef
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/swintt.7c851d380.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1ab"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4931
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1c8f0c7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/icons-pack-home.d21abec30.js | 154.197.121.128 | 200 OK | 19 kB |
URL: GET HTTP/2 1win-cdn.com/js/icons-pack-home.d21abec30.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (18922), with no line terminators
Hash: MD5 325c4a59d9bc91d434baa4a7563c38b4, SHA-1 070a43d12a678b20daf2851076340bf4b595d5ff, SHA-256 da9eec33115c64c998ab64b58d507a763696e716f0573c9dab499e978e599edf
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-home.d21abec30.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-49ea"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 343451
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1208187131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 263 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c
IP: 142.250.74.168:443
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955)
Size: 263 kB (262561 bytes)
Hash: MD5 b4a3c76a2fe5a6afd8827c275893679d, SHA-1 1e9f4cd7095fa1fecb6d537fa958a94bb2f2f0b6, SHA-256 b4f64a207493d169c9486b42749c8066464a30e8cc7843a758e171bb463ef36b
GET /gtag/js?id=G-548949LWLW&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 15:56:59 GMT
expires: Sat, 04 May 2024 15:56:59 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 91559
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| 1win-cdn.com/img/turbo%20games.0a45ae56b.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/turbo%20games.0a45ae56b.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 a3d3ed5aaed2f3fd7a089aa6b6e00aea, SHA-1 d366f4c84c203fd116575a62676b89bcd97c5816, SHA-256 8c7289cbe7f24989aef5f3b52bf00d1178c03b134a718bdbf54d7ffa7d8426ed
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/turbo%20games.0a45ae56b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-416"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 44
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1caf4d7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714838218134&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=304321623.1714838221&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2F&sid=1714838220&sct=1&seg=0&dl=https%3A%2F%2F1wnurc.com%2F&dr=https%3A%2F%2Fv8.furxcrw.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wnurc.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=3879 | 216.239.32.36 | 204 No Content | 0 B |
URL: POST HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714838218134&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=304321623.1714838221&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2F&sid=1714838220&sct=1&seg=0&dl=https%3A%2F%2F1wnurc.com%2F&dr=https%3A%2F%2Fv8.furxcrw.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wnurc.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=3879
IP: 216.239.32.36:443
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of an empty body)
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714838218134&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=304321623.1714838221&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2F&sid=1714838220&sct=1&seg=0&dl=https%3A%2F%2F1wnurc.com%2F&dr=https%3A%2F%2Fv8.furxcrw.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wnurc.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=3879 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wnurc.com
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1wnurc.com
date: Sat, 04 May 2024 15:57:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 1win-cdn.com/img/igrosoft.69f8e3ca4.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/igrosoft.69f8e3ca4.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 c193a82075a3318b6b01f6652548e025, SHA-1 008409af9a242969c8c0205fc8052d17b61410b3, SHA-256 71151a1f7c348dc26ab089351320dfd6cf0ccfe3c0019c475e0917c0f9b353f8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/igrosoft.69f8e3ca4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-500"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1acc807131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif | 104.21.75.209 | 200 OK | 7.4 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif
IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: MD5 4841c7a15b396644ee7ba8554ffb5bf6, SHA-1 a2829093874a49809c29b2d4a186e1af8cea5153, SHA-256 1e8c5d052a6863b10764bb9391767143f9c6599b48d966322520927913fb3d9c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 7407
cache-control: public, max-age=31536000
content-disposition: inline; filename="7fdd4ca4-61a6-451c-9533-185b9f88a4da.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1MDg1NWMyLTQ5ZTFmIg"
x-request-id: ayKlLuwlDWjGizyzfc3h7
cf-cache-status: HIT
age: 337605
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xIXJU0kus0sAAK%2FG5tOadIRmVOXyRpEA%2BNPBH%2F4B%2F5l1iiWD7nO5I%2BPkkC%2BNCm5l2arXNfQLH8UBCAE4VLLGAgGFjv3AjEo6411LOBYi693%2Bxvzgsfa5C4UTA%2FnWKhgXhzPUBVeR6E8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1d5b5556a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg | 154.197.121.128 | 200 OK | 9.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 ee7f334d83ac78ee94aa7cb499a7d252, SHA-1 acaf3f1ec2dd643c920f036bceed9922c4398d9a, SHA-256 eef20c5785f1ea1445bc5d54982011d999ae577a2d354eb7035465336ad1555b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/7mojos%20slots.c8ad63b4f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-233d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af18fa277131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/betgames.f9572e26f.svg | 154.197.121.128 | 200 OK | 3.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/betgames.f9572e26f.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 22c1b0dd1e37b9c443eda963fe76d96e, SHA-1 7cdb9b3ec3c095dd657c2bc18489b00fc8f5f7fd, SHA-256 058002db89099b878d2fceffc78b9bdc47a5c5e990ebab7af3d1a9bac806a4f6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/betgames.f9572e26f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-beb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 43
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af19cb397131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/mancala%20gaming.441ae5f23.svg | 154.197.121.128 | 200 OK | 3.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/mancala%20gaming.441ae5f23.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 fecafa12f578f5ced554ed31aba5c852, SHA-1 7e1f6f044c0508f11d1c5a58a41c3d1423bd7069, SHA-256 77c790b43104ff72a4363c886ef16e2716f2de4bd9b8a870b1228aec39924fe7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/mancala%20gaming.441ae5f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-c90"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6743
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1afcb77131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif | 104.21.75.209 | 200 OK | 7.8 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif
IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: MD5 6a86c5bb3ff2902051c8a5b9212df604, SHA-1 4c871b9b1b0da3cb252977e3177d302cad6230fd, SHA-256 131c4194037afc4e0e990751d6b75b478eef845d855d2d20bc2722612ddf671c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 7785
cache-control: public, max-age=31536000
content-disposition: inline; filename="ada717cd-e63b-40b2-adbf-c1009964d6f0.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MWNlZTJkLTZiYjFhIg"
x-request-id: soAn6Cv9FDG1lRMNVYG9M
cf-cache-status: HIT
age: 335667
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XwEzArTIbGT8ehglG4Cae%2F%2FBL4gS76ZMTCmVLcdZg07r1%2FqQyfk9m48Vmi0aGMgqoEYS5ijgOfQd52snRrrq6yDr%2BorWPsZyE1xnx%2BUs%2B8Gg2h7D7nB7UtXaJIPEVtVl1y7IniFhtX0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1d5b6356a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 1win-cdn.com/js/39061.47d3b467c.js | 154.197.121.128 | 200 OK | 92 kB |
URL: GET HTTP/2 1win-cdn.com/js/39061.47d3b467c.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of an empty body, although the response is listed at 92 kB)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/39061.47d3b467c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 08:45:03 GMT
etag: W/"6634a40f-16929"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 110890
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af0f8c927131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/present-with-light.bd57fb068-151.png | 154.197.121.128 | 200 OK | 5.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/present-with-light.bd57fb068-151.png
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 151 x 161, 8-bit colormap, non-interlaced
Hash: MD5 a804ad67f4add53f8c251c2ebc80469d, SHA-1 4108aeab2f7a7c3720885edeb445e6131a383a49, SHA-256 06cee660e5b0dfa3ec59c1a1e03e4ab3da6cb22d1e49c9c51f9cf84ed925e304
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/present-with-light.bd57fb068-151.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/png
content-length: 5600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6732
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-1a4c"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
age: 123
expires: Sat, 04 May 2024 19:56:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af10de727131-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/lucky-jet.f927485da.svg | 154.197.121.128 | 200 OK | 4.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/lucky-jet.f927485da.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 46387a9ff4a17ec246107df243120bfb, SHA-1 f662dcb3e5629d8b9dcd169f73e31f95309bda40, SHA-256 b3cffaeaa51fa3689ab70d930776d565a90ab7caaaace2f1cac5f67cfc13205f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/lucky-jet.f927485da.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-f8d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1979
expires: Sat, 04 May 2024 19:56:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af114f127131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/57652.297e4ecc2.js | 154.197.121.128 | 200 OK | 647 B |
URL: GET HTTP/2 1win-cdn.com/js/57652.297e4ecc2.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (667), with no line terminators
Hash: MD5 53d580c5f29a2a838b6595fa6ff0f0a3, SHA-1 ab60adb7207a806d271778effe677ed01dc144b0, SHA-256 d09039f573818646e722fef48f6f9d999dc7382548877a5699e9b45be29ec6dc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/57652.297e4ecc2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-287"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 343052
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af11bfb67131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png | 104.21.75.209 | 200 OK | 50 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png IP104.21.75.209:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 362 x 429, 8-bit colormap, non-interlaced Hashb0b99e0a3f5f6fc44052e30eae903c63 822d3283ea4b2e2dba9b7454a3cce37dd7b67d7a e8a9883494dafb98df5bc26bae6e699673f4dcc1ee90aa8b5296f3ff88f66954
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/png
content-length: 49865
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus.8be9e8f98-362.png"
content-security-policy: script-src 'none'
etag: "bYO6A3TkrGzIprX68BfyOBGJEQnSmCYqqMK6NzP2zdM/RIjY2MzExOTVhLWMyMGQi"
x-request-id: 9_ruTBS0Tkm7jz1RUzGRw
cf-cache-status: HIT
age: 323936
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=idedqbIfs3YIm4YAOj0apHASQ9MMcIDsI7xsjOOheEYs17vLmAx%2BIyE81eV%2BSPLk6YKnmP%2BVx22lOsJ2TX%2FonglDH9GreX0u8G4pIpAIphvSTdP88pfhdauatdwBo0cbOSchiBAPRPE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1219cf56a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png | 154.197.121.128 | 200 OK | 16 kB |
URL: GET HTTP/2 1win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Hashes: MD5 2018c59c5dccfaec96873d1ce9a60276, SHA-1 46ad94df758fdb9f0a257d99fcf52314cf5df926, SHA-256 b57379b1cd70db0d460ce31140e81eb78d3347ad6f7dd2cf9fe1c624d5e65439
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/sprite-dice-frame@2.8e0d70675-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/png
content-length: 15901
cf-bgj: imgq:100,h2pri
cf-polished: origSize=17269
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d1-4375"
last-modified: Fri, 03 May 2024 15:33:37 GMT
cf-cache-status: HIT
age: 2796
expires: Sat, 04 May 2024 19:56:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af139a787131-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/img/goldenrace.4bb50c89d.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/goldenrace.4bb50c89d.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 273a325a862af8a6f05811ac5a7c7f29, SHA-1 936efb3df57c80b5ee35a1ebed295fe90ec13145, SHA-256 0e9220c87c66f8eec886bcb17e5beb3242f287ea3099ff14d81e49c41d2c4d32
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/goldenrace.4bb50c89d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-88a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1abc727131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/red%20tiger.157f419e2.svg | 154.197.121.128 | 200 OK | 15 kB |
URL: GET HTTP/2 1win-cdn.com/img/red%20tiger.157f419e2.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 f0a8d4ae6c95b6d6b2b0bbbaa62aad9d, SHA-1 9ea188283d324f5c87a802c14ec3386167e7e2a8, SHA-256 4572ee67d26acf1ccb35decf47651e67464a7dc0a438d79c721b9ba739f14d2e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/red%20tiger.157f419e2.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-3990"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4931
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1bfe2c7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif | 104.21.75.209 | 200 OK | 8.4 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif
IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes: MD5 19f229b84c704888d3b7a617d4ea0d5f, SHA-1 ead41a6984c57debbde1fdbe6820dcdd07634f99, SHA-256 2ded6d38b4a260c8c2b217d42f160b0ad2e5f2ffba86bc3f4b98c660c29ff870
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 8415
cache-control: public, max-age=31536000
content-disposition: inline; filename="0ba3209c-cc88-4939-8825-8169ef474010.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjhiZjVkLTIwNzNlIg"
x-request-id: qm6oGx3zgZoAvqzoU-0Oq
cf-cache-status: HIT
age: 335905
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F5Reg%2ByOa716xGaZKfkj0Fts2yGBy%2FMWj3rWKRtuK3ertUB7aM7J8de8s%2BEAVESPiCq6WuZQ%2BMsa47O3OBapRwAPz%2F36yuqEuNTZXQH9G7BrBf3hzdZe8S6eSmPyXAGYzPp6MKtlIVk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1d6b6d56a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/img/retrogames.bb592a878.svg | 154.197.121.128 | 200 OK | 7.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/retrogames.bb592a878.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 58c68473b3dd3ae2f45e31560e366dbf, SHA-1 577748dead61e9aff6756db3bade90442cde170f, SHA-256 e4305fe1e258b0357e17b29825d8fcf96aa9e60f453118e4a69066eb2c955207
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/retrogames.bb592a878.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1cb4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1c0e5b7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/playtech.cecac3222.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/playtech.cecac3222.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 54cb545ad750e3e670cc7cfaed81c2d4, SHA-1 f808d9b539d13d64c4b405da4dca9b0db732b87e, SHA-256 2bcda89b73c859c34d62c330205d603cb247ae31b00e987f3c3bfaaa3ba2a64e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/playtech.cecac3222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-a00"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6452
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1bbde87131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/spadegaming.8dc1e9a8e.svg | 154.197.121.128 | 200 OK | 3.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/spadegaming.8dc1e9a8e.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 747a1c4577c4f0216b3c2312e11b1950, SHA-1 c38313a9fb030d29f16ed7bbc1dab939a874aff5, SHA-256 e6e69bc9af907311e8e0d47d368dc74a985349748dc05803b4717e4aa8a3f6c1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/spadegaming.8dc1e9a8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-edd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1c4ec07131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/superlotto.0b2069aeb.svg | 154.197.121.128 | 200 OK | 7.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/superlotto.0b2069aeb.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 128046b1d7f6f312cc287763f0c22336, SHA-1 4d2984a448e97d8b6e5b34a4c9fd08dfceb6f4a1, SHA-256 8531767fbaba9dae9a2f659ba50799bef2f9f0c207105bd1010f5e0a12b84f89
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/superlotto.0b2069aeb.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1b55"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4931
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1c8f0b7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=304321623.1714838221&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=752303881 | 172.217.21.163 | 200 OK | 42 B |
URL: GET HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=304321623.1714838221&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=752303881
IP: 172.217.21.163:443
Certificate: Issuer Google Trust Services LLC; Subject *.google.no; Fingerprint 7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97; Validity Tue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT
File type: GIF image data, version 89a, 1 x 1
Hashes: MD5 d89746888da2d9510b64a9f031eaecd5, SHA-1 d5fceb6532643d0d84ffe09c40c481ecdf59e15a, SHA-256 ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=304321623.1714838221&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=752303881 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 04 May 2024 15:57:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| 1win-cdn.com/img/bombay%20live.ab678ab94.svg | 154.197.121.128 | 200 OK | 1.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/bombay%20live.ab678ab94.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 291aed0c4eee33d7354cb7440283934c, SHA-1 ed96adcc70c1f20adad6a9b7a4fa494c45a0d66e, SHA-256 e74a67564e0b43deb9d4a6cf97c232567d7dc8111c457c32360d695c21692291
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/bombay%20live.ab678ab94.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-5b4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af19eb537131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/skywind.9cd4f870b.svg | 154.197.121.128 | 200 OK | 1.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/skywind.9cd4f870b.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 6133bd0ec680372c4b1478cca75bd999, SHA-1 852e07d884235f5b480657590f2cba1ce4d53d7f, SHA-256 6e09ca60ae8119229bdebf17f96b69ea481296cf4da7dbd9c2d27ee8111d30f0
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/skywind.9cd4f870b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-5e3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6452
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1c3ea27131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| region1.analytics.google.com/g/collect?v=2&tid=G-EF3MMFMF5C&gtm=45je4510v9138807182za200&_p=1714838216638&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=996508554.1714838217&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714838216&sct=1&seg=0&dl=https%3A%2F%2Fv8.furxcrw.com%2Findex.html%3Fv8.3&dr=https%3A%2F%2Fdtwlukf.com%2F&dt=Redict-V8&en=scroll&epn.percent_scrolled=90&tfd=1669 | 216.239.32.36 | 204 No Content | 0 B |
URL: POST HTTP/3 region1.analytics.google.com/g/collect?v=2&tid=G-EF3MMFMF5C&gtm=45je4510v9138807182za200&_p=1714838216638&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=996508554.1714838217&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714838216&sct=1&seg=0&dl=https%3A%2F%2Fv8.furxcrw.com%2Findex.html%3Fv8.3&dr=https%3A%2F%2Fdtwlukf.com%2F&dt=Redict-V8&en=scroll&epn.percent_scrolled=90&tfd=1669
IP: 216.239.32.36:443
Requested by: https://v8.furxcrw.com/index.html?v8.3
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-EF3MMFMF5C&gtm=45je4510v9138807182za200&_p=1714838216638&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=996508554.1714838217&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AEA&_s=2&sid=1714838216&sct=1&seg=0&dl=https%3A%2F%2Fv8.furxcrw.com%2Findex.html%3Fv8.3&dr=https%3A%2F%2Fdtwlukf.com%2F&dt=Redict-V8&en=scroll&epn.percent_scrolled=90&tfd=1669 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://v8.furxcrw.com
DNT: 1
Connection: keep-alive
Referer: https://v8.furxcrw.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/3 204 No Content
access-control-allow-origin: https://v8.furxcrw.com
date: Sat, 04 May 2024 15:56:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| 1win-cdn.com/js/46665.703cfe1de.js | 154.197.121.128 | 200 OK | 1.0 kB |
URL: GET HTTP/2 1win-cdn.com/js/46665.703cfe1de.js
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1042), with no line terminators
Hashes: MD5 530c1fc3208b67ba84edf563465386ad, SHA-1 d2ae074df39f95da703f5a582a2dadec59962e2c, SHA-256 82df31a277f44a4f8045b7081e23b00003dcadb0f695354354559aaff26a392a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/46665.703cfe1de.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3fe"
expires: Tue, 02 May 2034 15:56:59 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 343451
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af18fa237131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/css/desktop.ce19676b9.css | 154.197.121.128 | 200 OK | 74 kB |
URL: GET HTTP/2 1win-cdn.com/css/desktop.ce19676b9.css
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hashes: MD5 7ccddbf87de59dd21244d8912c0a6893, SHA-1 1158dca7d9aa8817fae573a25ecf4c8be6b513a6, SHA-256 55f9a6a47127fab3ab7e8c9ccbae03aa63992b4010583731ab171e22942fb3f1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/desktop.ce19676b9.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:57 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-121d6"
expires: Tue, 02 May 2034 15:56:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 334559
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af0a9d9f7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/belatra.1e7508387.svg | 154.197.121.128 | 200 OK | 5.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/belatra.1e7508387.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes: MD5 3a3db4a05ec45ff249ff2330cc6131d9, SHA-1 d4e82a85d11863ae6e91cf542676f8ed0dc5a130, SHA-256 356a6b1e0c2826d245756e52b8505d57e4cc1d2059957fe6fa4b4c37ce6754ff
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/belatra.1e7508387.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-13fa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af19cb2c7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@avif | 104.21.75.209 | 200 OK | 9.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@avif
IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes: MD5 0f8864e9375258e414b04c6732d13b3b, SHA-1 e5577d640e162a5d812d94c60bf9d8aa2ef0dd46, SHA-256 2f41e33d30919a1521364450bb1e867a1f7851f25f7ec18b0325fc51f123793e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 9286
cache-control: public, max-age=31536000
content-disposition: inline; filename="e6dd9f4c-282a-4040-8fcc-256b4d959834.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NWY0Y2IzLTIzZDY3Ig"
x-request-id: ocH5-jbdxAxetP0OmPcPA
cf-cache-status: HIT
age: 329439
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wZKGmJ6dzn712YlYSQQqs%2FwALGzweEXtvEFiyPSgQBcWLZlc6Xm1zwPEcIeRzrFNkCLzrrbCWAFAXi0wJcX4v5TBEVqmaS%2Fahj0GbEePj55a%2BP5o0qpR%2BEIJuhX2n%2FOCAzUU9zQ%2Bw6Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1fbe9c56a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png | 154.197.121.128 | 200 OK | 27 kB |
URL: GET HTTP/2 1win-cdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Hashes: MD5 9a35699413d56978ea4af6896f0aa16c, SHA-1 c22d50770f376a17d5539919541496a1e1e5a626, SHA-256 396126da9646bf2bf8d5a2a9f1e449391db7861540ad243e0ca8c3e0c40fd012
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/sprite-roulette-frame@2.76ea5a241-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/png
content-length: 27297
cf-bgj: imgq:100,h2pri
cf-polished: origSize=29770
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d1-744a"
last-modified: Fri, 03 May 2024 15:33:37 GMT
cf-cache-status: HIT
age: 2796
expires: Sat, 04 May 2024 19:56:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af138a6f7131-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/onetouch.b026a50c5.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/onetouch.b026a50c5.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): f04cb7d15621db8eda5af2216a4f824f a0aa7231bfbe4ddc48be81716c3b31ba5c1702ec de4ec671f76aa1afb93d074c5ea3b64d3d759cf404a142b359be0d9fccedb84e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/onetouch.b026a50c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-95a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1b8d977131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/3%20oaks%20gaming.a6d146d58.svg | 154.197.121.128 | 200 OK | 2.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/3%20oaks%20gaming.a6d146d58.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 443b070227be618d0513c134be5b65f2 cea77f63f79f4a2406af9f75e29078e40c69f9e3 99766510c4cf78a018e87ef969b90f738755e653efa66e1b5f2f9e6ab7d41ed8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/3%20oaks%20gaming.a6d146d58.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-aa2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af18c9e07131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/boldplay.70a46bd71.svg | 154.197.121.128 | 200 OK | 4.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/boldplay.70a46bd71.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): b9145dace81bbcbef7d60609e72c9c63 c182aef9dae96fe22563e38cf8ad0bd5cfb9f588 8efe8d59068c4a443da7fca222bf01d3a94a01db7c7ace4463c434ff0aa93235
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/boldplay.70a46bd71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-123c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4931
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af19db517131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/gamebeat.5649e97f9.svg | 154.197.121.128 | 200 OK | 1.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/gamebeat.5649e97f9.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): f47237dc478a7b0d1ed4d2687cc13396 66ce5afa1722b78b22858e1ae057290f36a13c81 af0e90737145635ae2a9807d550dfc2bd2746cbc50f74b828a3aa4c0e9a8ca19
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/gamebeat.5649e97f9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-472"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 179
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1a7c397131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/smartsoft.d4a2c90f3.svg | 154.197.121.128 | 200 OK | 4.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/smartsoft.d4a2c90f3.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): e363d734db0fb177f2d082d5ec933b2e 21840bbc0a0843627d204818be4abba494436a12 ba8913cfda5417b5d2d8015dd340def1fc7cec97a5c875ba14590a044a5daa53
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/smartsoft.d4a2c90f3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-112f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 44
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1c4eb97131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1wnurc.com/common/title?path=bets&lang=en | 190.115.24.78 | 200 OK | 29 B |
URL: GET HTTP/2 1wnurc.com/common/title?path=bets&lang=en
IP: 190.115.24.78:443
Certificate: Issuer Let's Encrypt; Subject 1wnurc.com; Fingerprint 29:8A:BB:7C:EB:85:87:ED:E9:21:DE:1E:36:30:4D:27:BF:70:F2:01; Validity Fri, 03 May 2024 09:17:12 GMT - Thu, 01 Aug 2024 09:17:11 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators
Hashes (MD5, SHA-1, SHA-256): 55d138477f5d21b2864ed51b2aa3b446 f493c01dcf90c45f2334b9ca47839ce0a014222b 456ce42d8f0a396a6549e0fc1e00649162a0391884d40a887f013a53f681f37b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /common/title?path=bets&lang=en HTTP/1.1
Host: 1wnurc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __ddg1_=nvZI7ibdzPCQdh23MAo3; partner_key=ygid; visit_domain=1wnurc.com; core-sticky=http://10.233.80.195:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI4MGViZGMyNy02MzVhLTQxZTQtYmY1MS03MzY2OGNkYTY5YTIlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE0ODM4MjE3NzI5JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNDgzODIxNzc3MSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTIycmVmZXJyZXIlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnY4LmZ1cnhjcncuY29tJTJGJTIyJTJDJTIycmVmZXJyaW5nX2RvbWFpbiUyMiUzQSUyMnY4LmZ1cnhjcncuY29tJTIyJTdE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Sat, 04 May 2024 15:56:59 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=300
etag: W/"25-bM/5z02X/xOkKbh8eZCiJpcKcd0"
vary: Origin, Accept-Encoding
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@png | 104.21.75.209 | 200 OK | 54 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@png
IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 420 x 312, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 55fed07cf1edc4f5b1876a0a2880e5fe d7d653085a98230d6ffc01f7f4bdcc4035574d59 eaf23ee9a1eb0f24a464fc184ecd0b34a2b57dc5d5c3b773bc2a503150e6da38
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/png
content-length: 53775
cache-control: public, max-age=31536000
content-disposition: inline; filename="8cd3ae6e-3840-454e-8e42-434cd48af16c.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MTY2NmI4LTJiMmQxIg"
x-request-id: kWh-NKk8329mVK9k5vj5-
cf-cache-status: HIT
age: 339263
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9V4CmkLyCTdXjGp4LVWxkoQ2%2BAVURYE5qUxcr2QPEIlSShWpCLKeAAtB4CaXbOtFeEoY3NoR7MHXCyHSY1NEKPzk9ApVwtIfyCIPEhl86XL%2B9R5%2BYBJAMT8OOIEk7to2KhGG9HzeKsI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af17ba8556a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 1win-cdn.com/img/aviatrix.b5fd712c8.svg | 154.197.121.128 | 200 OK | 14 kB |
URL: GET HTTP/2 1win-cdn.com/img/aviatrix.b5fd712c8.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): c92109aa9c320cc21b175481d4219bac 624606f9179e2fe695a087e64df63ec4cedf912b 8892810b3c337925e0e2a61199d9fee94a589789225f916bc9aa6d0b6c76b438
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/aviatrix.b5fd712c8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-34fe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1980
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af19bb1e7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg | 154.197.121.128 | 200 OK | 5.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 736482b909f3d90f4b87845b06343f95 05501f25bbd97642449a87b6113fbb3a2cf36f41 68f08269f37245370fb3122fa2c76f755644e1a9cce3e1abb1cda283aff2de62
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/big%20time%20gaming.e2bd46001.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-15e9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af19db507131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/thunderspin.2d11ae63d.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/thunderspin.2d11ae63d.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 604f41c295f537f07943cfe15d6f15f2 ab1b0075af6b7a8c6aa80eaa1ffbec9931a09369 9a89dee21e4f99f3d08e324ca4d4c6b1c08f3acc53bbc9027d57757359734198
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/thunderspin.2d11ae63d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-9d8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4931
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1c9f357131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/63502.06ceedfaa.js | 154.197.121.128 | 200 OK | 135 kB |
URL: GET HTTP/2 1win-cdn.com/js/63502.06ceedfaa.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 135 kB (135227 bytes)
Hashes (MD5, SHA-1, SHA-256): a96e8f77207eb314deed6396463ffefa 2aa9286dba017fbcf9ff859e59b5a051cdfd73c7 227d6d7911161549ffd703d7ee317ba6994b18b40241ecfd5873768851bb5e4c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/63502.06ceedfaa.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 08:45:03 GMT
etag: W/"6634a40f-2103b"
expires: Tue, 02 May 2034 15:56:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 111161
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af0b2e4a7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1wnurc.com/firebase/8.1.1/firebase-messaging.js | 190.115.24.78 | 200 OK | 41 kB |
URL: GET HTTP/2 1wnurc.com/firebase/8.1.1/firebase-messaging.js
IP: 190.115.24.78:443
Certificate: Issuer Let's Encrypt; Subject 1wnurc.com; Fingerprint 29:8A:BB:7C:EB:85:87:ED:E9:21:DE:1E:36:30:4D:27:BF:70:F2:01; Validity Fri, 03 May 2024 09:17:12 GMT - Thu, 01 Aug 2024 09:17:11 GMT
File type: JavaScript source, ASCII text, with very long lines (40719)
Hashes (MD5, SHA-1, SHA-256): 450e8b32262706d42cfdd438c49208f5 31c7e4aac1d1303c1e83a0b591abc3501e278668 58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /firebase/8.1.1/firebase-messaging.js HTTP/1.1
Host: 1wnurc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __ddg1_=nvZI7ibdzPCQdh23MAo3; partner_key=ygid; visit_domain=1wnurc.com; core-sticky=http://10.233.80.195:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI4MGViZGMyNy02MzVhLTQxZTQtYmY1MS03MzY2OGNkYTY5YTIlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE0ODM4MjE3NzI5JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNDgzODIxNzc3MSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTIycmVmZXJyZXIlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnY4LmZ1cnhjcncuY29tJTJGJTIyJTJDJTIycmVmZXJyaW5nX2RvbWFpbiUyMiUzQSUyMnY4LmZ1cnhjcncuY29tJTIyJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Tue, 09 Apr 2024 12:19:23 GMT
content-type: application/javascript
last-modified: Tue, 09 Apr 2024 10:12:46 GMT
etag: W/"6615149e-9f25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 2173055
content-length: 10915
ddg-cache-status: HIT
X-Firefox-Spdy: h2
| 1win-cdn.com/img/apollo%20play.610da8846.svg | 154.197.121.128 | 200 OK | 5.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/apollo%20play.610da8846.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 50314c7ffb9d11a02d2c58c66e124e29 3ebfb6e02132e3281c64e7866a621fc9ff43678e c6073fd4fbb0239b24f30fc4d2e90e2d34060adb4854b0b3eb34e5c0e363346d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/apollo%20play.610da8846.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-158b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af198ada7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/gameart.7beff0d18.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/gameart.7beff0d18.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 0316280cc350cb02b448e29142cbc493 16182a01de1fe9f3918bdfff51002844776c1b08 be85aab3a3bd01ae6471157366d278a01d650882cccaa670c8d5472eda92a073
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/gameart.7beff0d18.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-a30"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1a7c2d7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/css/48357.321450720.css | 154.197.121.128 | 200 OK | 20 kB |
URL: GET HTTP/2 1win-cdn.com/css/48357.321450720.css
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: ASCII text, with very long lines (19490)
Hashes (MD5, SHA-1, SHA-256): c612b8dc334f97071bd0193e5163597e faeeddcec1adfa35b47ec9d0220fe8555ae74468 f55f61953438a991f45ae0d9c1be37fd60d198eb413769c34e9565b3f5bfe63e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/48357.321450720.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-4c23"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 340188
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af0f8c967131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/jetx.64787fc5c.svg | 154.197.121.128 | 200 OK | 13 kB |
URL: GET HTTP/2 1win-cdn.com/img/jetx.64787fc5c.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 0046061bb77d38094cc0f71b7371d406 1fd7894d0117251f1eeec1a343b85532d7864a05 bac9b1ac206602f5369235b21d6373b9b6f7980ff55c4e851d8a40f00db4d0fa
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-33f5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 349
expires: Sat, 04 May 2024 19:56:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af119f787131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/33700.8f8589382.js | 154.197.121.128 | 200 OK | 992 B |
URL: GET HTTP/2 1win-cdn.com/js/33700.8f8589382.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1010), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 7a56ca20c70147de869fb6f869c24757 8ba632a6c326ca6152d0c51a202527013eeb42f4 543572cbc25b63dbaf723d527cdb47a50c56655698f3eae1708b30e881429640
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/33700.8f8589382.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3e0"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 339748
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af12183a7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/boomerang.413a98511.svg | 154.197.121.128 | 200 OK | 36 kB |
URL: GET HTTP/2 1win-cdn.com/img/boomerang.413a98511.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): d37b7a09c29c7e0179175433f4b9cff7 9c24e32b7e570cd294ee7400d7b6b96348a6a8f9 e9eaf42baf55a608a7663e6f63812bd1faf020d3d75d6c12ddec5ea4b945e53a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/boomerang.413a98511.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-8c38"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af19eb597131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/slotmill.c42ddd447.svg | 154.197.121.128 | 200 OK | 13 kB |
URL: GET HTTP/2 1win-cdn.com/img/slotmill.c42ddd447.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 39d48e4b982998cd10417bd09dcc0afc 541c60c508d7777db2cd0e49c18cf32219532dd8 3e18df680be6da9246c3675408ec0e7e107891281a863ab9b6377832b44ee48f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/slotmill.c42ddd447.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-3313"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4931
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1c4eb47131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif | 104.21.75.209 | 200 OK | 8.1 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif
IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes (MD5, SHA-1, SHA-256): 0e5690478eedfa1df868b3925ae7765f 2b5c93c92cd6c824f2b78e3eca5acdcd0848c5a7 efc476f654991ceb6e2ec648f67789fe3f5a56c2e85dcabae86175ee1a1f06d0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/avif
content-length: 8133
cache-control: public, max-age=31536000
content-disposition: inline; filename="16b695c0-a55e-4b62-a358-7f28a054f5c3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NmY0YzBmLTViZWY2Ig"
x-request-id: wIvVBE6Ca87qQK-_rWGwc
cf-cache-status: HIT
age: 340210
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9IIA6yIDJuAKLyEyfQyJr1hK5s9t9d02fEhOhNLrqZrUmQMN%2B9IdRMxaDFXULzjRsVUJVvySBXea6zwivzegAm0My%2BYNEKwiwklMgNWZ1R%2Bhv7%2Fu58dsFtjxnBz6RkPZOX3UhAfXXPw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1d6b6656a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/js/41543.9ecf6875c.js | 154.197.121.128 | 200 OK | 695 B |
URL: GET HTTP/2 1win-cdn.com/js/41543.9ecf6875c.js
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (713), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 3a416c7a8b544cab2961aa391df25f73 1760b78a71e89b19890fc1e1d457f20fc7931b8f 63858586d9c72226c0522e2b0dbd181ef99b481aebef11049ac603b942c6876b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/41543.9ecf6875c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2b7"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 335555
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1288e67131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/78449.1776bac9f.js | 154.197.121.128 | 200 OK | 786 B |
URL: GET HTTP/2 1win-cdn.com/js/78449.1776bac9f.js
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (804), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 3997e692861614602ae0ad581192673b 274ba9d8795299558fc25f0bdceb6997a27b8a4d 70920957cad5b0eb4747ccfa5e2cbde79c7f88bd7e3077e5715924c1c4368716
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/78449.1776bac9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-312"
expires: Tue, 02 May 2034 15:56:59 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 335324
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af18fa307131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/liw.134f23084.svg | 154.197.121.128 | 200 OK | 7.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/liw.134f23084.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 264daa943330a145d35b4c46632ff260 9eb716994914e9640f1a2965a0cef6eeb6c2eba0 f0224d25386512226df690d731c56ff27c141f6c608684d2c3d67fa9e26594de
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/liw.134f23084.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1e9e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1aecb47131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/quickspin.d9067a98a.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/quickspin.d9067a98a.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 2981087d9047df84f1f173886d7f2353 27ee3db1546e61fb1042fe15065f39266f85bcc8 5dcab82097da033050612cbf50989d6cc9d2fe6823af9c8ea82affdc504e5a3d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/quickspin.d9067a98a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-954"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1bfe2b7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/thunderkick.6962312e1.svg | 154.197.121.128 | 200 OK | 841 B |
URL: GET HTTP/2 1win-cdn.com/img/thunderkick.6962312e1.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): ee06089b308c5065a8e92a32b7b38686 2e83ac75ceb109c245525a733cfb3efc97cc42bd 24c651706b7981a60f137cc5b44b8d28dd81116565ffbdaef6687c8b41e4da21
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/thunderkick.6962312e1.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4931
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1c8f117131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/90511.4bc374431.js | 154.197.121.128 | 200 OK | 637 B |
URL: GET HTTP/2 1win-cdn.com/js/90511.4bc374431.js
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (655), with no line terminators
Hashes (MD5, SHA-1, SHA-256): a148eff943a30bc50c489b0cf73349ca 757f5c140878aca4fd1e3c8936e54f6abe59f95f ce9597252bbb61b1a89d84ac59a501e64985510009e7521964cdbf9933e32c09
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/90511.4bc374431.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27d"
expires: Tue, 02 May 2034 15:56:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 329783
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af11bfb77131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif | 104.21.75.209 | 200 OK | 5.6 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif
IP: 104.21.75.209:443
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashes (MD5, SHA-1, SHA-256): baf3f199ffdfb682bbcd9d3837e517c0 3803d7a122952937942ab92c0724af229c4f2dfe 2e33b0efc808c5c2e8e2741821e0b3aa7f595fd7c5d14b51a5b0b75c5fd87058
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/avif
content-length: 5627
cache-control: public, max-age=31536000
content-disposition: inline; filename="0c8b561e-d1d5-4e08-903f-f0b53d280c7c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MThkLTE2MjkwIg"
x-request-id: sqvHPCw8RSGhIoq_jQMf2
cf-cache-status: HIT
age: 344034
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cqb3LoT3asEIat7CipQqd6dOS5tu%2BvFIvW4RnCp7sOIVQpcb6DiTf3JMHhE8WZ%2FtM5s8wROO1SGt1%2Bumwv8o40ZO33xRizNdfZGTJvQtZiOgZlkjkd7YXfZE9WCgvr6hHrcGPQD9d3U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af185b5756a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 1win-cdn.com/img/bgaming.ae3573ff9.svg | 154.197.121.128 | 200 OK | 4.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/bgaming.ae3573ff9.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): f2081caf12b5dad178e766a8bd906e19 5ffdd19030dd7868b979fa8c19243e62b70eabb8 ac0b648f44a2ab64ba3f4e7517ebbe6ba9ff28082268f67b9afebc0d8d38e884
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/bgaming.ae3573ff9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:56:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-f9d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 43
expires: Sat, 04 May 2024 19:56:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af19db4c7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/platipus.dd3b50ce6.svg | 154.197.121.128 | 200 OK | 3.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/platipus.dd3b50ce6.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 47208726d4dd191a03af9229fc538eb2 0ef7c3f6b3788794db7709213ecaee1b7558a5c2 b27442adef75a0afbde2ad9cacddd4d871e0a302390e6e860c59d627013b32f2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/platipus.dd3b50ce6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-e84"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1b9db77131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/pragmatic.2e7a96b71.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/pragmatic.2e7a96b71.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): 0318d08339acfa9fb15b1f56bb22b145 caa87d78a9c14af0beeb66733294652e6b1627b8 24fe7388e4f3fc5ddea45e6369a02683ca4ecbe85d5e18c8f67d47a69709cea9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/pragmatic.2e7a96b71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-953"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1437
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1bcdfb7131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/zillion.c0e3dd6f0.svg | 154.197.121.128 | 200 OK | 684 B |
URL: GET HTTP/2 1win-cdn.com/img/zillion.c0e3dd6f0.svg
IP: 154.197.121.128:443 (ASN#328608 Africa-on-Cloud-AS)
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5, SHA-1, SHA-256): d9e09ca4e933fc8dabb60c1335cb7cd6 37b3bb2ea200f88ae0f7c681547dfba6fcce1449 fb15bc779be9be33fbb41082ce8c6defe5cbeb6273b2a3cf620e40ef4416c177
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/zillion.c0e3dd6f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wnurc.com/
Cookie: __cf_bm=5C3uaovrlDyXFqURfOW.hV96sBEpKPisR8r3xwioX04-1714838217-1.0.1.1-tj1dqJg_k1uRF91.Os.aUnEvKs08Cco89Sv.a0JLJYjAlIyA4kGsuy9dEkxMSfwakkd_LNlAUtnjHS88G9mhqA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 15:57:00 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-2ac"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4931
expires: Sat, 04 May 2024 19:57:00 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9af1cdfa87131-OSL
content-encoding: gzip
X-Firefox-Spdy: h2